Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe

Overview

General Information

Sample name:SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
Analysis ID:1492758
MD5:ac5ffc6e945471ce5e631f5fa8853d5a
SHA1:78f51682ec3d075aa90f49fe934ec77680d1e37a
SHA256:5a5a8ea05ccbc2cf33b2ffa7b09a725cabfa86bac080458f4f80a572bae83aec
Tags:exe
Infos:

Detection

Score:44
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:52
Range:0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Creates files in alternative data streams (ADS)
Javascript checks online IP of machine
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe (PID: 3424 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe" MD5: AC5FFC6E945471CE5E631F5FA8853D5A)
    • VC_redist.x86.exe (PID: 1292 cmdline: "C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" /quiet /norestart MD5: 9882A328C8414274555845FA6B542D1E)
      • VC_redist.x86.exe (PID: 2300 cmdline: "C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" -burn.filehandle.attached=524 -burn.filehandle.self=532 /quiet /norestart MD5: 7BD0B2D204D75012D3A9A9CE107C379E)
        • VC_redist.x86.exe (PID: 2148 cmdline: "C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{C5045546-B7FD-4832-9136-56B66BF2BB8B} {DC18713B-4B15-42EE-96B9-503491E8A295} 2300 MD5: 7BD0B2D204D75012D3A9A9CE107C379E)
    • DriverHub.exe (PID: 3748 cmdline: "C:\Program Files (x86)\DriverHub\DriverHub.exe" MD5: 9E73D5B139958CD42A7067CBC44810B7)
      • test_wpf.exe (PID: 6120 cmdline: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe MD5: 03BA6C3A52780D89BE563B7CD5668AD0)
    • OperaGXDownloader.exe (PID: 2128 cmdline: "C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe" --silent --allusers=0 MD5: 62633678215EE32B3609D9755F84B71B)
      • setup.exe (PID: 2132 cmdline: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe --silent --allusers=0 --server-tracking-blob=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 MD5: 607FB47AD9D20BB16F90E4A38C93BBFE)
        • setup.exe (PID: 6300 cmdline: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x2d0,0x320,0x324,0x2fc,0x328,0x637e1b54,0x637e1b60,0x637e1b6c MD5: 607FB47AD9D20BB16F90E4A38C93BBFE)
        • setup.exe (PID: 3352 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version MD5: 607FB47AD9D20BB16F90E4A38C93BBFE)
        • setup.exe (PID: 2272 cmdline: "C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2132 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240814062430" --session-guid=57a9a656-01e5-401b-ad20-50424dccb7f4 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1C06000000000000 MD5: 607FB47AD9D20BB16F90E4A38C93BBFE)
          • setup.exe (PID: 2980 cmdline: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x334,0x338,0x33c,0x330,0x344,0x6bf81b54,0x6bf81b60,0x6bf81b6c MD5: 607FB47AD9D20BB16F90E4A38C93BBFE)
    • AvastDownloader.exe (PID: 1788 cmdline: "C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe" /silent /WS MD5: 2BA68B0B5DA36C0641EA0BE5322AE747)
      • avast_free_antivirus_setup_online_x64.exe (PID: 7148 cmdline: "C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe" /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /edat_dir:C:\Windows\Temp\asw.220e65e681ab5e8f /geo:US MD5: C2626794E09A2197C5AC2FECC2F611A2)
        • Instup.exe (PID: 6824 cmdline: "C:\Windows\Temp\asw.b569351eb821d9a8\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.b569351eb821d9a8 /edition:1 /prod:ais /stub_context:aca2c3c7-54dc-4f62-a2f4-1ffbd717ae2a:9931880 /guid:48f6f96c-29f8-4474-85eb-2177da680035 /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /edat_dir:C:\Windows\Temp\asw.220e65e681ab5e8f /geo:US MD5: 7342A3F59C64B20E80DE29EB49D99389)
    • chrome.exe (PID: 3656 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://multipassword.com/extension-thankyou/chrome MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 4956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1984,i,249236671189780504,10620192956757997169,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • SrTasks.exe (PID: 1496 cmdline: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1 MD5: 2694D2D28C368B921686FE567BD319EB)
    • conhost.exe (PID: 5804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • msiexec.exe (PID: 5008 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • VC_redist.x86.exe (PID: 6412 cmdline: "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" /burn.runonce MD5: 7BD0B2D204D75012D3A9A9CE107C379E)
    • VC_redist.x86.exe (PID: 1200 cmdline: "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" MD5: 7BD0B2D204D75012D3A9A9CE107C379E)
      • VC_redist.x86.exe (PID: 3116 cmdline: "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.filehandle.attached=564 -burn.filehandle.self=556 MD5: 7BD0B2D204D75012D3A9A9CE107C379E)
  • cleanup
No configs have been found
Source: C:\Program Files (x86)\DriverHub\net_updater32.exe, Rule: misc_pos, Description: unknown, Author: @patrickrolsen, Strings:
  • 0x169e98:$s2: cmd /c net start %s
  • 0x1e6202:$s3: pid:
  • 0x74fdb8:$s5: COMSPEC
Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\brd_sdk32_clr.dll, Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Author: Joe Security

Source: 19.3.DriverHub.exe.985aaea.0.raw.unpack, Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Author: Joe Security
Source: 19.3.DriverHub.exe.98624e6.1.raw.unpack, Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Author: Joe Security

        System Summary

        Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" /burn.runonce, EventID: 13, EventType: SetValue, Image: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe, ProcessId: 2148, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{46c3b171-c15c-4137-8e1d-67eeb2985b44}
        No Suricata rule has matched

        AV Detection

        Source: https://cdn-download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1#pc/savg_secure_browser_Virustotal: Detection: 5%
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeVirustotal: Detection: 17%
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeReversingLabs: Detection: 21%
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006A9EB7 DecryptFileW,4_2_006A9EB7
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006CF961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,4_2_006CF961
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006A9C99 DecryptFileW,DecryptFileW,4_2_006A9C99
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_00909EB7 DecryptFileW,5_2_00909EB7
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_0092F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,5_2_0092F961
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_00909C99 DecryptFileW,DecryptFileW,5_2_00909C99
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00E1F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,6_2_00E1F961
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00DF9C99 DecryptFileW,DecryptFileW,6_2_00DF9C99
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00DF9EB7 DecryptFileW,6_2_00DF9EB7
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003DF961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,16_2_003DF961
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003B9C99 DecryptFileW,DecryptFileW,16_2_003B9C99
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003B9EB7 DecryptFileW,16_2_003B9EB7

        Phishing

        Source: https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.jsHTTP Parser: !function(e){if(!e.hasinitialised){var t={escaperegexp:function(e){return e.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,"\\$&")},hasclass:function(e,t){var i=" ";return 1===e.nodetype&&(i+e.classname+i).replace(/[\n\t]/g,i).indexof(i+t+i)>=0},addclass:function(e,t){e.classname+=" "+t},removeclass:function(e,t){var i=new regexp("\\b"+this.escaperegexp(t)+"\\b");e.classname=e.classname.replace(i,"")},interpolatestring:function(e,t){return e.replace(/{{([a-z][a-z0-9\-_]*)}}/gi,function(e){return t(arguments[1])||""})},getcookie:function(e){var t=("; "+document.cookie).split("; "+e+"=");return t.length<2?void 0:t.pop().split(";").shift()},setcookie:function(e,t,i,n,o,s){var r=new date;r.sethours(r.gethours()+24*(i||365));var a=[e+"="+t,"expires="+r.toutcstring(),"path="+(o||"/")];n&&a.push("domain="+n),s&&a.push("secure"),document.cookie=a.join(";")},deepextend:function(e,t){for(var i in t)t.hasownproperty(i)&&(i in e&&this.isplainobject(e[i])&&this.isplainobject(t[i])?this.deepextend(e[i],t[i]):e[i]=t[i]);retu...
        Source: https://multipassword.com/en/extension-thankyouHTTP Parser: No favicon

        Compliance

        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeWindow detected: panel English panel panel panel panel DriverHub Automatically find and install drivers 100% Free panel Fix and update all the device drivers by yourself. The software is totally free and you do not need call to service center. By downloading installing or using this product you agree to its: License agreement Privacy policy DriverHub installs Bright Data components (no execution). You will be able to view the component details in full before you accept this offer as well as being able to turn Bright Data on and off directly from the "App Settings". Read more about Bright Data's EULA Update outdated drivers Find missing drivers Install drivers automatically in one click Daily updated drivers database panel Install Custom installation
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverHub
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240814062426827.log
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240814062432433.log
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1028\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1029\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1031\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1036\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1040\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1041\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1042\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1045\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1046\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1049\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1055\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\2052\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\3082\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1028\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1029\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1031\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1036\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1040\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1041\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1042\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1045\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1046\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1049\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1055\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\2052\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\3082\license.rtf
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeFile created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\README.txt
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: certificate valid
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: VC_redist.x86.exe, 00000004.00000000.2297498326.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp, VC_redist.x86.exe, 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp, VC_redist.x86.exe, 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x86.exe, 00000005.00000000.2298951964.000000000093B000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x86.exe, 00000006.00000000.2304746342.0000000000E2B000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x86.exe, 00000006.00000002.2537686547.0000000000E2B000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x86.exe, 00000006.00000003.2462994255.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x86.exe, 00000010.00000002.2607875336.00000000003EB000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x86.exe, 00000010.00000000.2602288573.00000000003EB000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x86.exe, 00000011.00000000.2604087994.00000000003EB000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x86.exe, 00000011.00000002.3318645157.00000000003EB000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x86.exe, 00000012.00000002.3318220649.00000000003EB000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x86.exe, 00000012.00000000.2606209264.00000000003EB000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\test_wpf.exe.pdb source: test_wpf.exe, 00000014.00000000.2776513659.0000000000972000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: D3DCompiler_47.pdb* source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2162095952.000000000D6D1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D3DCompiler_47.pdb source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2162095952.000000000D6D1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\idle_report.exe.pdb source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: _-./:'Proc exited status 9Proc exited event exception .pdb source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320032716.0000000000706000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2883575546.0000000000706000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3318179512.0000000000706000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2892954289.0000000000706000.00000002.00000001.01000000.0000003E.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\Dotfuscated\dotfuscator_conf.xml\lum_sdk_int.pdb source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: 'Proc exited status 9Proc exited event exception .dll.pdb source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\brightdata.pdb source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\Dotfuscated\dotfuscator_conf.xml\lum_sdk_int.pdb< source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\idle_report.exe.pdbH9b9 T9_CorExeMainmscoree.dll source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: AvastDownloader.exe, 00000017.00000002.3318183913.0000000000A04000.00000002.00000001.01000000.0000003F.sdmp, AvastDownloader.exe, 00000017.00000000.2890197364.0000000000A04000.00000002.00000001.01000000.0000003F.sdmp
        Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmp
        Source: C:\Windows\System32\msiexec.exeFile opened: z:
        Source: C:\Windows\System32\msiexec.exeFile opened: x:
        Source: C:\Windows\System32\msiexec.exeFile opened: v:
        Source: C:\Windows\System32\msiexec.exeFile opened: t:
        Source: C:\Windows\System32\msiexec.exeFile opened: r:
        Source: C:\Windows\System32\msiexec.exeFile opened: p:
        Source: C:\Windows\System32\msiexec.exeFile opened: n:
        Source: C:\Windows\System32\msiexec.exeFile opened: l:
        Source: C:\Windows\System32\msiexec.exeFile opened: j:
        Source: C:\Windows\System32\msiexec.exeFile opened: h:
        Source: C:\Windows\System32\msiexec.exeFile opened: f:
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile opened: d:
        Source: C:\Windows\System32\msiexec.exeFile opened: b:
        Source: C:\Windows\System32\msiexec.exeFile opened: y:
        Source: C:\Windows\System32\msiexec.exeFile opened: w:
        Source: C:\Windows\System32\msiexec.exeFile opened: u:
        Source: C:\Windows\System32\msiexec.exeFile opened: s:
        Source: C:\Windows\System32\msiexec.exeFile opened: q:
        Source: C:\Windows\System32\msiexec.exeFile opened: o:
        Source: C:\Windows\System32\msiexec.exeFile opened: m:
        Source: C:\Windows\System32\msiexec.exeFile opened: k:
        Source: C:\Windows\System32\msiexec.exeFile opened: i:
        Source: C:\Windows\System32\msiexec.exeFile opened: g:
        Source: C:\Windows\System32\msiexec.exeFile opened: e:
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeFile opened: c:
        Source: C:\Windows\System32\msiexec.exeFile opened: a:
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe Code function: 4_2_00693BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 4_2_00693BC3
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe Code function: 4_2_006D4315 FindFirstFileW,FindClose, 4_2_006D4315
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe Code function: 4_2_006A993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 4_2_006A993E
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe Code function: 4_2_006C7A87 FindFirstFileExW, 4_2_006C7A87
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe Code function: 5_2_00934315 FindFirstFileW,FindClose, 5_2_00934315
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe Code function: 5_2_0090993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 5_2_0090993E
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe Code function: 5_2_008F3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 5_2_008F3BC3
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe Code function: 5_2_00927A87 FindFirstFileExW, 5_2_00927A87
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe Code function: 6_2_00E24315 FindFirstFileW,FindClose, 6_2_00E24315
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe Code function: 6_2_00DF993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 6_2_00DF993E
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe Code function: 6_2_00DE3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 6_2_00DE3BC3
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe Code function: 6_2_00E17A87 FindFirstFileExW, 6_2_00E17A87
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe Code function: 16_2_003E4315 FindFirstFileW,FindClose, 16_2_003E4315
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe Code function: 16_2_003B993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 16_2_003B993E
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe Code function: 16_2_003D7A87 FindFirstFileExW, 16_2_003D7A87
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe Code function: 16_2_003A3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose, 16_2_003A3BC3
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe Code function: 21_2_00918D20 FindFirstFileW, 21_2_00918D20
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe Code function: 21_2_0093FEEB FindFirstFileExW, 21_2_0093FEEB
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe File opened: C:\ProgramData\Package Cache\NULL
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL

        Networking

        Source: Yara match File source: 19.3.DriverHub.exe.985aaea.0.raw.unpack, type: UNPACKEDPE
        Source: Yara match File source: 19.3.DriverHub.exe.98624e6.1.raw.unpack, type: UNPACKEDPE
        Source: Yara match File source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\brd_sdk32_clr.dll, type: DROPPED
        Source: Joe Sandbox View IP Address: 104.18.187.31
        Source: Joe Sandbox View IP Address: 34.149.149.62
        Source: Joe Sandbox View IP Address: 87.250.250.119
        Source: DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://www.winimage.com/zLibDllP
        Source: setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://addons.opera.com/en/extensions/details/dify-cashback/
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2173850908.000000000D6D7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.az-partners.net/apps/driver-hub/payload?ap=28ConfigUrlhttps://www.drvhub.net/app/downloa
        Source: setup.exe, 00000016.00000003.3009505688.00000000011B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.config.opr.gg/
        Source: setup.exe, 00000016.00000003.3009505688.00000000011D0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.config.opr.gg//
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://api.config.opr.gg/v0/config
        Source: setup.exe, 00000016.00000003.3009505688.00000000011D0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.config.opr.gg/v0/config?utm_campaign=PWN_US_PB5_3849&utm_medium=pa&utm_source=PWNgames&p
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://api.config.opr.gg/v0/configeditionutm_campaign=%s&utm_medium=%s&utm_source=%s&product=%s&cha
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://api.drvhub.net
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://api.drvhub.netgzip
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000003.2991079511.0000000001176000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/geolocation/
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/https://autoupdate.geo.opera.com/geolocation/OperaDesktopGXhttps://
        Source: setup.exe, 00000016.00000003.2991079511.0000000001176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64
        Source: setup.exe, 00000016.00000003.2991079511.0000000001176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64=
        Source: setup.exe, 00000016.00000003.2991079511.0000000001176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64m
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bright-sdk.com/EULA?
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bright-sdk.com/faq#sdk_app_connect
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bright-sdk.com/privacy-policy?
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bright-sdk.com/users#learn-more-about-bright-sdk-web-indexing?
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://brightdata.com/ethical?
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://brightdata.com/faq#accepted_usage?
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://brightdata.com/faq#lum-peers?
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://brightdata.com/legal/sdk-eulaBottomUrl
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2173850908.000000000D6D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://brightdata.com/legal/sdk-eulaBottomUrlp
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://brightdata.com/sdk/information
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://cdn-download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1#pc/savg_secure_browser_
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxhttps://multipassword.com/extension-thankyou/hy
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://crashpad.chromium.org/
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://crashpad.chromium.org/bug/new
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submit
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2159579305.000000000D6DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/copyright.html
        Source: setup.exe, 00000016.00000003.3019792494.00000000011B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/
        Source: setup.exe, 00000016.00000003.3019792494.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3009505688.00000000011D0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3002338613.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3009505688.00000000011B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary
        Source: setup.exe, 00000016.00000003.3009505688.00000000011D0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryM
        Source: setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryP
        Source: setup.exe, 00000016.00000003.3009505688.00000000011D0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.softwarex
        Source: setup.exe, 00000016.00000003.3019792494.00000000011B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary~
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://distrsubv4.go.mail.ru/atom/silent/?utm_source=azpartner&rfrautorundaysAtomDownloader.exe/SIL
        Source: setup.exe, 00000016.00000003.3009505688.00000000011D0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3002338613.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3009505688.00000000011B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/
        Source: setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/W
        Source: setup.exe, 00000016.00000003.2991079511.000000000117F000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.2990263780.00000000011B5000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.2989914687.000000000118E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1
        Source: setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.2989914687.000000000118E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=67239&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_U
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller
        Source: setup.exe, 00000016.00000003.3020531178.000000000119E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/
        Source: setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3020531178.000000000118E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/ftp/pub/opera_gx/112.0.5197.60/win/Opera_GX_112.0.5197.60_Autoupdate_
        Source: setup.exe, 00000016.00000003.2989914687.000000000118E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/res/servicefiles/partner_content/std-2/1714144780-custom_partner_cont
        Source: setup.exe, 00000016.00000003.3020531178.000000000119E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/u
        Source: setup.exe, 00000016.00000003.3019792494.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3002338613.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3020531178.000000000119E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3009505688.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3002338613.000000000119E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/
        Source: setup.exe, 00000016.00000003.3020531178.000000000119E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3002338613.000000000119E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/-8798-297a9453adf0&product=gx&channel=Stable&version=112.0.5197.607
        Source: setup.exe, 00000016.00000003.3020531178.000000000119E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3002338613.000000000119E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/0.5197.60
        Source: setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://features.opera-api2.com/api/v2/features?country=%s&language=%s&uuid=%s&product=%s&channel=%s
        Source: setup.exe, 00000016.00000003.3009505688.00000000011B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=f79ee9f0-2bd8-437c-87
        Source: setup.exe, 00000016.00000003.3019792494.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3002338613.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3009505688.00000000011B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/q
        Source: DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://free.360totalsecurity.com/totalsecurity/360TS_Setup_Mini_WW_AZ_CPI202204_6.6.0.1054.exe
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://gamemaker.io
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://gamemaker.io)
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://gamemaker.io/en/education.
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://gamemaker.io/en/get.
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://get.surfshark.net/aff_c?offer_id=926&aff_id=13476&aff_sub=aff_sub
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://help.instagram.com/581066165581870;
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://help.opera.com/latest/
        Source: AvastDownloader.exe, 00000017.00000003.2907074466.0000000005497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ip-info.ff.avast.com/v2/info
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL?BundleId=244068_89d678f2be164786b292527658ca1605ht
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://legal.opera.com/eula/computers
        Source: setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://legal.opera.com/privacy
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://legal.opera.com/privacy.
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://legal.opera.com/terms
        Source: setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://legal.opera.com/terms.
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://net.geo.opera.com/opera/stable?utm_medium=apb&utm_source=RSTP&utm_campaign=
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://net.geo.opera.com/opera/stable?utm_medium=apb&utm_source=RSTP&utm_campaign=op100--silent
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://opera.com/privacy
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://policies.google.com/terms;
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://redir.opera.com/uninstallsurvey/
        Source: setup.exe, 00000016.00000003.2989914687.000000000118E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_US_PB5_3849&utm_content=3849_opg
        Source: DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://ru.drvhub.net/contacts
        Source: AvastDownloader.exe, 00000017.00000003.3004143194.000000000548B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-iavast.avcdn.net/
        Source: AvastDownloader.exe, 00000017.00000003.3004143194.00000000054CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-iavast.avcdn.net/iavs9x/avast_free_antivirus_setup_online_x64.exe
        Source: AvastDownloader.exe, 00000017.00000003.3004143194.0000000005497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-iavast.avcdn.net:443/iavs9x/avast_free_antivirus_setup_online_x64.exe
        Source: AvastDownloader.exe, 00000017.00000003.3004143194.0000000005478000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://securevpn.pro/securevpnpro.exe/STeslaBrowserhttps://www.teslabrowser.com/download/init/silen
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://sourcecode.opera.com
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://telegram.org/tos/
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://twitter.com/en/tos;
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.az-partners.net/apps/zipsoft-2/downloadPrograma
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.az-partners.net/s/E65xXNswps.batcfreg
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.az-partners.net/s/Emq7Etvprog.ico
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.az-partners.net/s/J1KO1pctv.icoPrograma
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.az-partners.net/s/oEZd1yaga.icoYandex
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.az-partners.net/storage/vs/2013/vcredist2013_x86.exevcredist_x86.exehttps://www.az-partn
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.carambis.ru/programs/cleaner/download.html?cs_aff=drvhuboffer/silent
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2147851988.000000000A9CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.drvhub.net/products/free/download
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2149396036.000000000A9D5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2149367005.000000000A9CE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2150641015.000000000A9DC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2147851988.000000000A9CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.drvhub.net/products/free/downloadt
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2173850908.000000000D6D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.drvhub.net/products/uninstall?locale=
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
        Source: DriverHub.exe, 00000013.00000003.2877481394.00000000061B9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000061B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gnu.org/licenses/gpl-2.0.html
        Source: DriverHub.exe, 00000013.00000003.2877481394.00000000061B9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000061B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gnu.org/licenses/gpl-3.0.html.
        Source: DriverHub.exe, 00000013.00000003.2877481394.00000000061B9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000061B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gnu.org/licenses/lgpl-3.0.html.
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.google.com
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.google.comPerform
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://www.opera.com
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://www.opera.com..
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://www.opera.com/gx/
        Source: setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://www.opera.com/privacy
        Source: DriverHub.exe, 00000013.00000003.2847296354.00000000057AE000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2877481394.00000000061B9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000061B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.qt.io/contact-us.
        Source: DriverHub.exe, 00000013.00000003.2877481394.00000000061B9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000061B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.qt.io/licensing/
        Source: DriverHub.exe, DriverHub.exe, 00000013.00000003.2877481394.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000060DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.qt.io/terms-conditi
        Source: DriverHub.exe, 00000013.00000003.2847296354.00000000057AE000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2877481394.00000000061B9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000061B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.qt.io/terms-conditions.
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpString found in binary or memory: https://www.whatsapp.com/legal;

        System Summary

        Source: C:\Program Files (x86)\DriverHub\net_updater32.exe, type: DROPPEDMatched rule: misc_pos Author: @patrickrolsen
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3ac866.msi
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICB25.tmp
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\concrt140.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\msvcp140.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\msvcp140_1.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\msvcp140_2.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\msvcp140_atomic_wait.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcamp140.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vccorlib140.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcomp140.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcruntime140.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcruntime140_threads.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3ac872.msi
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3ac873.msi
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{9C19C103-7DB1-44D1-A039-2C076A633A38}
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID596.tmp
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140chs.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140cht.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140deu.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140enu.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140esn.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140fra.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140ita.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140jpn.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140kor.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140rus.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140u.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140u.dll
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\3ac87a.msi
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeFile deleted: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Resource name: DISTR type: Zip archive data, at least v6.3 to extract, compression method=lzma
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Resource name: DISTR type: Zip archive data, at least v6.3 to extract, compression method=lzma
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Resource name: DISTR type: Zip archive data, at least v2.0 to extract, compression method=deflate
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Resource name: DISTR type: Zip archive data, at least v6.3 to extract, compression method=lzma
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Resource name: DISTR type: Zip archive data, at least v6.3 to extract, compression method=lzma
        Source: lum_sdk32.dll.0.drStatic PE information: Resource name: BINARY type: PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
        Source: lum_sdk32.dll.0.drStatic PE information: Resource name: BINARY type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Source: lum_sdk32.dll.0.drStatic PE information: Resource name: BINARY type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
        Source: net_updater32.exe.0.drStatic PE information: Resource name: BINARY type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
        Source: mfc140jpn.dll.12.drStatic PE information: No import functions for PE file found
        Source: mfc140chs.dll.12.drStatic PE information: No import functions for PE file found
        Source: mfc140ita.dll.12.drStatic PE information: No import functions for PE file found
        Source: mfc140deu.dll.12.drStatic PE information: No import functions for PE file found
        Source: mfc140esn.dll.12.drStatic PE information: No import functions for PE file found
        Source: mfc140cht.dll.12.drStatic PE information: No import functions for PE file found
        Source: mfc140rus.dll.12.drStatic PE information: No import functions for PE file found
        Source: mfc140fra.dll.12.drStatic PE information: No import functions for PE file found
        Source: mfc140kor.dll.12.drStatic PE information: No import functions for PE file found
        Source: mfc140enu.dll.12.drStatic PE information: No import functions for PE file found
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: E1after_internal_scan()SoftwareInfoReportertried to get drivers before scan finishing.tried to get unknowned devices before scan finishing.tried to get scanResult before scan finishing.--> internal_scanSoftwareInfoReporter::internal_scanStopped. StopFlag=%1m_errorCode=%1<-- internal_scan\VarFileInfo\TranslationTranslation of executable file %1 wasn't foundSoftware Info Reporter%1.%2.%3.%4ProductVersion\StringFileInfo\%08lx\%sFileVersionInternalNameOriginalFilenameProductNameFileDescriptionVersionCompanyNamesetupapiSetupGetInfDriverStoreLocationWSetupDiGetDevicePropertyWSetupDiGetDeviceProperty loading is failed with error=%1internal_driver_scan_initializem_fpSetupGetInfDriverStoreLocation loading is failed with error=%1;Start hardware scaningSoftwareInfoReporter::internal_driver_scan_hardwareUnknown DevicesFinish hardware scanning with successFinish hardware scaning for class %1SoftwareInfoReporter::internal_driver_scan_hardwareClassFinish hardware scaning for class. Cannot get devices. Error code: %1{4d36e97d-e325-11ce-bfc1-08002be10318}SYSTEM\CurrentControlSet\Control\Class\%1CM_Get_DevNode_Status failed. Error code: %1SoftwareInfoReporter::internal_scan_deviceinfoCan't enumerate device. May be there are no devices Local index: %1SoftwareInfoReporter::internal_driver_scan_hardwareDeviceCannot set device install params. Error code: %1No hids foundCannot build drivers list for a device. Error code: %1Can't enumerate driver.Finish driver scaning. Local index: %1Cannot get driver installation params failed. Error code: %1\inf\Retrieving signature... vs SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDriverHub.exe4 vs SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2162095952.000000000D6D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2036517314.000000000107B000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameDriverHubInstaller.exe4 vs SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: C:\Program Files (x86)\DriverHub\net_updater32.exe, type: DROPPEDMatched rule: misc_pos author = @patrickrolsen, reference = POS Malware
        Source: Qt5Core.dll.0.drStatic PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
        Source: classification engineClassification label: mal44.phis.troj.evad.winEXE@57/1043@0/41
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006CFD20 FormatMessageW,GetLastError,LocalFree,4_2_006CFD20
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006944E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,4_2_006944E9
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_008F44E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,5_2_008F44E9
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00DE44E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,6_2_00DE44E9
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003A44E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,16_2_003A44E9
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006D2F23 GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,4_2_006D2F23
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006B6945 ChangeServiceConfigW,GetLastError,4_2_006B6945
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DriverHub.lnk
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeMutant created: \Sessions\1\BaseNamedObjects\SecuriteInfo.com.Program.Unwanted.5511.32425.5112-user
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5804:120:WilError_03
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeMutant created: NULL
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Asw_0f3fbb856baf0729aaaf83d9a472a666
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeMutant created: \Sessions\1\BaseNamedObjects\DRV_HUB-6C3A7A0A-62CB-4B4D-86C3-546B4D40FE5D
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeMutant created: \Sessions\1\BaseNamedObjects\bright_sdk_ui_C_Program Files _x86_DriverHub
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Users\user\AppData\Local\Temp\DriverHub
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: cabinet.dll4_2_00691070
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: msi.dll4_2_00691070
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: version.dll4_2_00691070
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: wininet.dll4_2_00691070
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: comres.dll4_2_00691070
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: msasn1.dll4_2_00691070
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: crypt32.dll4_2_00691070
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCommand line argument: feclient.dll4_2_00691070
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCommand line argument: cabinet.dll5_2_008F1070
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCommand line argument: msi.dll5_2_008F1070
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCommand line argument: version.dll5_2_008F1070
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCommand line argument: wininet.dll5_2_008F1070
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCommand line argument: comres.dll5_2_008F1070
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCommand line argument: clbcatq.dll5_2_008F1070
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCommand line argument: msasn1.dll5_2_008F1070
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCommand line argument: crypt32.dll5_2_008F1070
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCommand line argument: feclient.dll5_2_008F1070
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCommand line argument: cabinet.dll6_2_00DE1070
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCommand line argument: msi.dll6_2_00DE1070
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCommand line argument: version.dll6_2_00DE1070
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCommand line argument: wininet.dll6_2_00DE1070
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCommand line argument: comres.dll6_2_00DE1070
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCommand line argument: clbcatq.dll6_2_00DE1070
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCommand line argument: msasn1.dll6_2_00DE1070
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCommand line argument: crypt32.dll6_2_00DE1070
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCommand line argument: feclient.dll6_2_00DE1070
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: cabinet.dll16_2_003A1070
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: msi.dll16_2_003A1070
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: version.dll16_2_003A1070
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: wininet.dll16_2_003A1070
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: comres.dll16_2_003A1070
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: clbcatq.dll16_2_003A1070
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: msasn1.dll16_2_003A1070
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: crypt32.dll16_2_003A1070
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCommand line argument: feclient.dll16_2_003A1070
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCommand line argument: Title21_2_0092EE57
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCommand line argument: BeginPrompt21_2_0092EE57
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCommand line argument: Progress21_2_0092EE57
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCommand line argument: yes21_2_0092EE57
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCommand line argument: RunProgram21_2_0092EE57
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCommand line argument: ExecuteFile21_2_0092EE57
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCommand line argument: InstallPath21_2_0092EE57
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCommand line argument: %%T21_2_0092EE57
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile read: C:\Users\user\Desktop\desktop.ini
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeVirustotal: Detection: 17%
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeReversingLabs: Detection: 21%
        Source: VC_redist.x86.exeString found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
        Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe"
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe "C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" /quiet /norestart
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeProcess created: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe "C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" -burn.filehandle.attached=524 -burn.filehandle.self=532 /quiet /norestart
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeProcess created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe "C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{C5045546-B7FD-4832-9136-56B66BF2BB8B} {DC18713B-4B15-42EE-96B9-503491E8A295} 2300
        Source: unknownProcess created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
        Source: C:\Windows\System32\SrTasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
        Source: unknownProcess created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" /burn.runonce
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeProcess created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe"
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeProcess created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.filehandle.attached=564 -burn.filehandle.self=556
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Program Files (x86)\DriverHub\DriverHub.exe "C:\Program Files (x86)\DriverHub\DriverHub.exe"
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe "C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe" --silent --allusers=0
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe --silent --allusers=0 --server-tracking-blob=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
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe "C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe" /silent /WS
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x2d0,0x320,0x324,0x2fc,0x328,0x637e1b54,0x637e1b60,0x637e1b6c
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://multipassword.com/extension-thankyou/chrome
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1984,i,249236671189780504,10620192956757997169,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe "C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2132 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240814062430" --session-guid=57a9a656-01e5-401b-ad20-50424dccb7f4 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1C06000000000000
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x334,0x338,0x33c,0x330,0x344,0x6bf81b54,0x6bf81b60,0x6bf81b6c
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeProcess created: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe" /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /edat_dir:C:\Windows\Temp\asw.220e65e681ab5e8f /geo:US
        Source: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe "C:\Windows\Temp\asw.b569351eb821d9a8\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.b569351eb821d9a8 /edition:1 /prod:ais /stub_context:aca2c3c7-54dc-4f62-a2f4-1ffbd717ae2a:9931880 /guid:48f6f96c-29f8-4474-85eb-2177da680035 /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /edat_dir:C:\Windows\Temp\asw.220e65e681ab5e8f /geo:US
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: msls31.dll
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeSection loaded: textshaping.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: apphelp.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: lum_sdk32.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: libcurl.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: version.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5gui.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5qml.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5network.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5core.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: winhttp.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: d3d11.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxgi.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5core.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5network.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5core.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5core.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dnsapi.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: mpr.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: userenv.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: netapi32.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: winmm.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140_1.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxgi.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: srvcli.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: netutils.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: cryptbase.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: windows.storage.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wldp.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: profapi.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: cryptsp.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: rsaenh.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ntmarta.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcr120.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: mscoree.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dwmapi.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wtsapi32.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: uxtheme.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: powrprof.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: umpdc.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wbemcomn.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: amsi.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5quick.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5qmlmodels.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5qmlworkerscript.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5qmlmodels.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5quicktemplates2.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5quickcontrols2.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: opengl32sw.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: opengl32.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: glu32.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: appxdeploymentclient.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: netprofm.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: npmproxy.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dwrite.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: d3d9.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: d3d10warp.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dataexchange.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dcomp.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: twinapi.appcore.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: qt5widgets.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: webio.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: mswsock.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: winnsi.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: sspicli.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: rasadhlp.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: fwpuclnt.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: schannel.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msasn1.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: gpapi.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: mskeyprotect.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ntasn1.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ncrypt.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ncryptsslp.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dpapi.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: msvcp140_clr0400.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dxtn.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: textinputframework.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: coreuicomponents.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: coremessaging.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: coremessaging.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wintypes.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wintypes.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: wintypes.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: secur32.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dbghelp.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: rasapi32.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: rasman.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: rtutils.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeSection loaded: dhcpcsvc.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: mscoree.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: kernel.appcore.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: version.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: uxtheme.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: cryptsp.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: rsaenh.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: cryptbase.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: dwrite.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: msvcp140_clr0400.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: windows.storage.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: wldp.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: profapi.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: uiautomationcore.dll
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeSection loaded: propsys.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeSection loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeSection loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: acgenral.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: winmm.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: samcli.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: msacm32.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: winmmbase.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: winmmbase.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: msimg32.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: secur32.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: dbghelp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: wininet.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: propsys.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: dbgcore.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: ntmarta.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: profapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: dpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: gpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: ncryptsslp.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: netprofm.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: npmproxy.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: webio.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: ncryptsslp.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: gpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: dpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSection loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: acgenral.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: winmm.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: samcli.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: msacm32.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: winmmbase.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: winmmbase.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeSection loaded: msimg32.dll
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32
        Source: DriverHub.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\Program Files (x86)\DriverHub\DriverHub.exe
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeFile written: C:\Windows\Temp\asw.b569351eb821d9a8\asw3ac8261543f4a847.ini
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Accept
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Continue
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Accept
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Continue
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Accept
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Continue
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Accept
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Continue
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Accept
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Continue
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeAutomated click: Install
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeWindow detected: panel English panel panel panel panel DriverHub Automatically find and install drivers 100% Free panel Fix and update all the device drivers by yourself. The software is totally free and you do not need call to service center. By downloading installing or using this product you agree to its: License agreement Privacy policy DriverHub installs Bright Data components (no execution). You will be able to view the component details in full before you accept this offer as well as being able to turn Bright Data on and off directly from the "App Settings". Read more about Bright Data's EULA Update outdated drivers Find missing drivers Install drivers automatically in one click Daily updated drivers database panel Install Custom installation
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeWindow detected: Number of UI elements: 14
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeWindow detected: Number of UI elements: 23
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeWindow detected: Number of UI elements: 23
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverHub
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: certificate valid
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic file information: File size 7758000 > 1048576
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x48b400
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x1cfc00
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: VC_redist.x86.exe, 00000004.00000000.2297498326.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp, VC_redist.x86.exe, 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp, VC_redist.x86.exe, 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x86.exe, 00000005.00000000.2298951964.000000000093B000.00000002.00000001.01000000.0000000E.sdmp, VC_redist.x86.exe, 00000006.00000000.2304746342.0000000000E2B000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x86.exe, 00000006.00000002.2537686547.0000000000E2B000.00000002.00000001.01000000.00000011.sdmp, VC_redist.x86.exe, 00000006.00000003.2462994255.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, VC_redist.x86.exe, 00000010.00000002.2607875336.00000000003EB000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x86.exe, 00000010.00000000.2602288573.00000000003EB000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x86.exe, 00000011.00000000.2604087994.00000000003EB000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x86.exe, 00000011.00000002.3318645157.00000000003EB000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x86.exe, 00000012.00000002.3318220649.00000000003EB000.00000002.00000001.01000000.00000015.sdmp, VC_redist.x86.exe, 00000012.00000000.2606209264.00000000003EB000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\test_wpf.exe.pdb source: test_wpf.exe, 00000014.00000000.2776513659.0000000000972000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: D3DCompiler_47.pdb* source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2162095952.000000000D6D1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D3DCompiler_47.pdb source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2162095952.000000000D6D1000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\idle_report.exe.pdb source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: _-./:'Proc exited status 9Proc exited event exception .pdb source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320032716.0000000000706000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2883575546.0000000000706000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3318179512.0000000000706000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2892954289.0000000000706000.00000002.00000001.01000000.0000003E.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\Dotfuscated\dotfuscator_conf.xml\lum_sdk_int.pdb source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: 'Proc exited status 9Proc exited event exception .dll.pdb source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\brightdata.pdb source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\Dotfuscated\dotfuscator_conf.xml\lum_sdk_int.pdb< source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: c:\cygwin\home\bat\bat\checkout\zon\build.app_win64r_obf\pkg\win\sdk\certified\idle_report.exe.pdbH9b9 T9_CorExeMainmscoree.dll source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmp
        Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: AvastDownloader.exe, 00000017.00000002.3318183913.0000000000A04000.00000002.00000001.01000000.0000003F.sdmp, AvastDownloader.exe, 00000017.00000000.2890197364.0000000000A04000.00000002.00000001.01000000.0000003F.sdmp
        Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmp
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
        Source: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
        Source: concrt140.dll.12.drStatic PE information: 0x801EEB2B [Thu Feb 11 14:05:31 2038 UTC]
        Source: libcrypto-1_1.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x27c9df
        Source: libssl-1_1.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x90b02
        Source: OperaGXDownloader.exe.0.drStatic PE information: real checksum: 0x32346c should be: 0x326589
        Source: DriverHub.exe.0.drStatic PE information: section name: .shr
        Source: qgif.dll.0.drStatic PE information: section name: .qtmetad
        Source: qjpeg.dll.0.drStatic PE information: section name: .qtmetad
        Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
        Source: AvastDownloader.exe.0.drStatic PE information: section name: .didat
        Source: windowplugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: qmlfolderlistmodelplugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: qmlsettingsplugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: Installer.exe0.0.drStatic PE information: section name: _RDATA
        Source: VC_redist.x86.exe.0.drStatic PE information: section name: .wixburn
        Source: qtquickcontrolsplugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: qtquickcontrols2materialstyleplugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: qtquickextrasflatplugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: qtquickcontrols2plugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: dialogplugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: dialogsprivateplugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: qquicklayoutsplugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: qtquicktemplates2plugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
        Source: opengl32sw.dll.0.drStatic PE information: section name: _RDATA
        Source: qwindows.dll.0.drStatic PE information: section name: .qtmetad
        Source: Qt5Core.dll.0.drStatic PE information: section name: .qtmimed
        Source: qtquickcontrols2universalstyleplugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: qtgraphicaleffectsprivate.dll.0.drStatic PE information: section name: .qtmetad
        Source: qtgraphicaleffectsplugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: qtquick2plugin.dll.0.drStatic PE information: section name: .qtmetad
        Source: VC_redist.x86.exe.4.drStatic PE information: section name: .wixburn
        Source: VC_redist.x86.exe.5.drStatic PE information: section name: .wixburn
        Source: VC_redist.x86.exe.6.drStatic PE information: section name: .wixburn
        Source: mfc140.dll.12.drStatic PE information: section name: .didat
        Source: mfc140u.dll.12.drStatic PE information: section name: .didat
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006BE876 push ecx; ret 4_2_006BE889
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_0091E876 push ecx; ret 5_2_0091E889
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00E0E876 push ecx; ret 6_2_00E0E889
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003CE876 push ecx; ret 16_2_003CE889
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 19_3_057A7140 pushad ; retf 004Dh19_3_057A7152
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 19_3_057A0D22 push ds; retf 19_3_057A0D23
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 19_3_061828DA push ds; retf 19_3_061828DB
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 19_3_0617C3E0 push eax; ret 19_3_0617C3E1
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 19_3_061063BE pushad ; iretd 19_3_06106529
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 19_3_060E66A0 pushad ; iretd 19_3_06106529
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 19_3_060FDA5C push edi; retf 19_3_060FDA5D
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 19_3_060FF56A pushad ; iretd 19_3_060FF8C9
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 19_3_06106195 pushad ; iretd 19_3_06106281
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeCode function: 19_3_0626159F push es; retf 0037h19_3_062622AC
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeCode function: 20_2_012E42D9 push ebx; ret 20_2_012E42DA
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeCode function: 20_2_012E0DE5 pushfd ; iretd 20_2_012E0DE9
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeCode function: 20_2_012E0F80 pushad ; retf 65E0h20_2_012E0F99
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: 21_2_009490E0 push ecx; ret 21_2_009490F3
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: 21_2_009496C8 push ecx; ret 21_2_009496DD
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140esn.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac86a.rbf (copy)Jump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140deu.dllJump to dropped file
        Source: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.b569351eb821d9a8\HTMLayout.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcamp140.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140jpn.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140u.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Window.2\windowplugin.dllJump to dropped file
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeFile created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\wixstdba.dllJump to dropped file
        Source: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\lum_sdk32.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac86d.rbf (copy)Jump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick.2\qtquick2plugin.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\libcurl.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\Private\dialogsprivateplugin.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\libcrypto-1_1.dllJump to dropped file
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeFile created: C:\Windows\Temp\asw.b569351eb821d9a8\avdump_x86_ais-a45.vpxJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140cht.dllJump to dropped file
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeFile created: C:\Windows\Temp\asw.b569351eb821d9a8\instcont_x64_ais-a45.vpxJump to dropped file
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeFile created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\msvcr120.dllJump to dropped file
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeFile created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\brd_sdk32_clr.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141024320062980.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt5Qml.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\libEGL.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vccorlib140.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141024283453352.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt5QmlModels.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeFile created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141024264626300.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\imageformats\qjpeg.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\imageformats\qgif.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\libGLESv2.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\msvcp140.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140u.dllJump to dropped file
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeFile created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeFile created: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exeJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Templates.2\qtquicktemplates2plugin.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\net_updater32.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140enu.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcruntime140_threads.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt5QmlWorkerScript.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141024237972132.dllJump to dropped file
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeFile created: C:\Windows\Temp\asw.b569351eb821d9a8\avbugreport_x64_ais-a45.vpxJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeFile created: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\Opera_GX_112.0.5197.60_Autoupdate_x64[1].exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac870.rbf (copy)Jump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140ita.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exeJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt5Gui.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141024312062272.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140chs.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\qtgraphicaleffectsplugin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac871.rbf (copy)Jump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\dialogplugin.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt5Network.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\concrt140.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\msvcp140_1.dllJump to dropped file
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeFile created: C:\Windows\Temp\asw.b569351eb821d9a8\instup_x64_ais-a45.vpxJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140fra.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac86c.rbf (copy)Jump to dropped file
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeFile created: C:\Windows\Temp\asw.b569351eb821d9a8\avdump_x64_ais-a45.vpxJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcomp140.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\DriverHub.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140rus.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\Universal\qtquickcontrols2universalstyleplugin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac86b.rbf (copy)Jump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Controls\qtquickcontrolsplugin.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt5Quick.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140.dllJump to dropped file
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\libssl-1_1.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac878.rbf (copy)Jump to dropped file
        Source: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt5Widgets.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac86e.rbf (copy)Jump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\msvcp140_atomic_wait.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\d3dcompiler_47.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt5Core.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt\labs\settings\qmlsettingsplugin.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\platforms\qwindows.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Layouts\qquicklayoutsplugin.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\opengl32sw.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\x64\Installer.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\vcruntime140.dllJump to dropped file
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeFile created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfc140kor.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\msvcp140_codecvt_ids.dllJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140624301\opera_packageJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Win32\Installer.exeJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\qtquickcontrols2plugin.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac876.rbf (copy)Jump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dllJump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt5QuickControls2.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac879.rbf (copy)Jump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\msvcp140_2.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac869.rbf (copy)Jump to dropped file
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeFile created: C:\Windows\Temp\asw.b569351eb821d9a8\uat64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac877.rbf (copy)Jump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\Qt5QuickTemplates2.dllJump to dropped file
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\wixstdba.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: 3ac86f.rbf (copy)Jump to dropped file
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeFile created: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\Material\qtquickcontrols2materialstyleplugin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\mfcm140.dllJump to dropped file
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\wixstdba.dllJump to dropped file
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeFile created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140624301\opera_packageJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240814062426827.log
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240814062432433.log
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1028\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1029\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1031\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1036\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1040\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1041\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1042\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1045\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1046\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1049\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\1055\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\2052\license.rtf
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe File created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\3082\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1028\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1029\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1031\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1036\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1040\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1041\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1042\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1045\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1046\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1049\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\1055\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\2052\license.rtf
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe File created: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\3082\license.rtf
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe File created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\README.txt
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
        Source: C:\Windows\System32\SrTasks.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DriverHub.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {46c3b171-c15c-4137-8e1d-67eeb2985b44}

        Hooking and other Techniques for Hiding and Protection

        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe File created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\lum_sdk_session_id:LUM:$DATA
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeSystem information queried: FirmwareTableInformation
        Source: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exeSystem information queried: FirmwareTableInformation
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeSystem information queried: FirmwareTableInformation
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeMemory allocated: 5460000 memory reserve | memory write watch
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeMemory allocated: C780000 memory commit | memory reserve | memory write watch
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeMemory allocated: C900000 memory commit | memory reserve | memory write watch
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeMemory allocated: 8380000 memory reserve | memory write watch
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeMemory allocated: 85C0000 memory reserve | memory write watch
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeMemory allocated: 83F0000 memory reserve | memory write watch
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeMemory allocated: 12E0000 memory reserve | memory write watch
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeMemory allocated: 2C40000 memory reserve | memory write watch
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeMemory allocated: 4C40000 memory reserve | memory write watch
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 922337203685477
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWindow / User API: threadDelayed 3595
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWindow / User API: threadDelayed 6125
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140esn.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140ita.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac86a.rbf (copy)
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140deu.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exe
        Source: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exeDropped PE file which has not been started: C:\Windows\Temp\asw.b569351eb821d9a8\HTMLayout.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcamp140.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140jpn.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141024312062272.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140chs.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfcm140u.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac871.rbf (copy)
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Window.2\windowplugin.dll
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\wixstdba.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\dialogplugin.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\concrt140.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac86d.rbf (copy)
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick.2\qtquick2plugin.dll
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.b569351eb821d9a8\instup_x64_ais-a45.vpx
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140fra.dll
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.b569351eb821d9a8\avdump_x64_ais-a45.vpx
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac86c.rbf (copy)
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcomp140.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\libcrypto-1_1.dll
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.b569351eb821d9a8\avdump_x86_ais-a45.vpx
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140rus.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140cht.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac86b.rbf (copy)
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\Universal\qtquickcontrols2universalstyleplugin.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Controls\qtquickcontrolsplugin.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfcm140.dll
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeDropped PE file which has not been started: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\brd_sdk32_clr.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141024320062980.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\libssl-1_1.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac878.rbf (copy)
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\libEGL.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vccorlib140.dll
        Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141024283453352.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac86e.rbf (copy)
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141024264626300.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\msvcp140_atomic_wait.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\d3dcompiler_47.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\Qt\labs\settings\qmlsettingsplugin.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\imageformats\qjpeg.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\platforms\qwindows.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Layouts\qquicklayoutsplugin.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\imageformats\qgif.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\x64\Installer.exe
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\libGLESv2.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140u.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140kor.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408140624301\opera_package
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\qtquickcontrols2plugin.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\Win32\Installer.exe
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac876.rbf (copy)
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Templates.2\qtquicktemplates2plugin.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac879.rbf (copy)
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\net_updater32.exe
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\msvcp140_2.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac869.rbf (copy)
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\mfc140enu.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\vcruntime140_threads.dll
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.b569351eb821d9a8\uat64.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac877.rbf (copy)
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.b569351eb821d9a8\avbugreport_x64_ais-a45.vpx
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2408141024237972132.dll
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeDropped PE file which has not been started: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\wixstdba.dll
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac86f.rbf (copy)
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\Opera_GX_112.0.5197.60_Autoupdate_x64[1].exe
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: 3ac870.rbf (copy)
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeDropped PE file which has not been started: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\Material\qtquickcontrols2materialstyleplugin.dll
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeEvaded block: after key decision
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeAPI coverage: 9.6 %
        Source: C:\Windows\System32\SrTasks.exe TID: 320Thread sleep time: -290000s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 5792Thread sleep time: -30000s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -36893488147419080s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -60000s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -59889s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -59769s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -59644s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -59520s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -59382s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -59206s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -59063s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -58935s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -58807s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -58629s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -58505s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -58366s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -58238s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -58115s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -57619s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -57503s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -57379s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -57254s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -57129s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -56980s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -56873s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -56770s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -56644s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -56516s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -56382s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -56272s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -56159s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -56036s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -55892s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -55764s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -55662s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -55524s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -55418s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -55296s >= -30000s
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exe TID: 2612Thread sleep time: -55176s >= -30000s
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe TID: 5228Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe TID: 3648Thread sleep time: -30000s >= -30000s
        Source: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe TID: 2812Thread sleep time: -30000s >= -30000s
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe TID: 3288Thread sleep time: -30000s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeFile opened: PhysicalDrive0
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006CFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 006CFE5Dh4_2_006CFDC2
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006CFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 006CFE56h4_2_006CFDC2
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_0092FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0092FE5Dh5_2_0092FDC2
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_0092FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0092FE56h5_2_0092FDC2
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00E1FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00E1FE5Dh6_2_00E1FDC2
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00E1FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00E1FE56h6_2_00E1FDC2
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003DFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 003DFE5Dh16_2_003DFDC2
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003DFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 003DFE56h16_2_003DFDC2
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeFile Volume queried: C:\Windows FullSizeInformation
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\7zS05890C7B FullSizeInformation
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_00693BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,4_2_00693BC3
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006D4315 FindFirstFileW,FindClose,4_2_006D4315
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006A993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,4_2_006A993E
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006C7A87 FindFirstFileExW,4_2_006C7A87
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_00934315 FindFirstFileW,FindClose,5_2_00934315
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_0090993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,5_2_0090993E
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_008F3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,5_2_008F3BC3
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_00927A87 FindFirstFileExW,5_2_00927A87
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00E24315 FindFirstFileW,FindClose,6_2_00E24315
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00DF993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,6_2_00DF993E
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00DE3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,6_2_00DE3BC3
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00E17A87 FindFirstFileExW,6_2_00E17A87
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003E4315 FindFirstFileW,FindClose,16_2_003E4315
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003B993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,16_2_003B993E
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003D7A87 FindFirstFileExW,16_2_003D7A87
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003A3BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,16_2_003A3BC3
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: 21_2_00918D20 FindFirstFileW,21_2_00918D20
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: 21_2_0093FEEB FindFirstFileExW,21_2_0093FEEB
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006D962D VirtualQuery,GetSystemInfo,4_2_006D962D
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 60000
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59889
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59769
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59644
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59520
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59382
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59206
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 59063
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 58935
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 58807
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 58629
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 58505
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 58366
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 58238
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 58115
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 57619
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 57503
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 57379
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 57254
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 57129
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 56980
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 56873
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 56770
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 56644
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 56516
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 56382
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 56272
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 56159
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 56036
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 55892
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 55764
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 55662
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 55524
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 55418
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 55296
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeThread delayed: delay time: 55176
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\NULL
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeFile opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL
        Source: SrTasks.exe, 0000000A.00000003.2499254128.0000018EBD1CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
        Source: SrTasks.exe, 0000000A.00000003.2564093483.0000018EBD1CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b
        Source: DriverHub.exe, 00000013.00000003.2804711597.000000000570E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
        Source: VC_redist.x86.exe, 00000005.00000003.2545969902.0000000000DC5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}D
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {0}: {1}{2}#Microsoft Hyper-V
        Source: DriverHub.exe, 00000013.00000003.2804711597.000000000570E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.Gallium 0.4 on llvmpipe (LLVM 3.6, 256 bits)
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - Properties:#Microsoft Hyper-V3HARDWARE\ACPI\DSDT\MSFTVM+microsoft corporation/microsoft hyper-v video
        Source: VC_redist.x86.exe, 00000005.00000003.2545969902.0000000000DC5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
        Source: DriverHub.exe, DriverHub.exe, 00000013.00000003.3129136395.00000000061FF000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.2991079511.000000000117F000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000017.00000003.3026249141.00000000054B2000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000017.00000003.3009979156.00000000054B2000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000017.00000003.3191516268.00000000054B2000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000017.00000003.3010393368.00000000054B5000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000017.00000003.2907359077.00000000054B5000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000017.00000003.2905387598.00000000054B2000.00000004.00000020.00020000.00000000.sdmp, AvastDownloader.exe, 00000017.00000003.3004143194.00000000054B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: usb;^(VirtualBox|Hyper-V|VMware)
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware svga 3d
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: QemuDetector
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMwareDetector
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: virtual/microsoft hyper-v video
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: parallels1parallels shared printer7parallels location providerCparallels virtio ethernet adapter3parallels display adapter7parallels memory controllerQEMU3HARDWARE\ACPI\DSDT\BOCHS_qemu
        Source: SrTasks.exe, 0000000A.00000003.2564093483.0000018EBD1CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:88
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware3HARDWARE\ACPI\DSDT\PTLTD_
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VirtualBox3HARDWARE\ACPI\DSDT\VBOX__
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeAPI call chain: ExitProcess graph end node
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeAPI call chain: ExitProcess graph end node
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeAPI call chain: ExitProcess graph end node
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess information queried: ProcessInformation
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeProcess queried: DebugPort
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006BE625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_006BE625
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006C4812 mov eax, dword ptr fs:[00000030h]4_2_006C4812
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_00924812 mov eax, dword ptr fs:[00000030h]5_2_00924812
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00E14812 mov eax, dword ptr fs:[00000030h]6_2_00E14812
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003D4812 mov eax, dword ptr fs:[00000030h]16_2_003D4812
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006938D4 GetProcessHeap,RtlAllocateHeap,4_2_006938D4
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess token adjusted: Debug
        Source: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exeProcess token adjusted: Debug
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeProcess token adjusted: Debug
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006BE188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_006BE188
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006BE625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_006BE625
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006BE773 SetUnhandledExceptionFilter,4_2_006BE773
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006C3BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_006C3BB0
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_0091E188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0091E188
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_0091E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_0091E625
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_0091E773 SetUnhandledExceptionFilter,5_2_0091E773
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeCode function: 5_2_00923BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00923BB0
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00E0E188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00E0E188
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00E0E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00E0E625
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00E0E773 SetUnhandledExceptionFilter,6_2_00E0E773
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeCode function: 6_2_00E13BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00E13BB0
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003CE188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_003CE188
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003CE625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_003CE625
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003CE773 SetUnhandledExceptionFilter,16_2_003CE773
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeCode function: 16_2_003D3BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_003D3BB0
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: 21_2_009316E8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_009316E8
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: 21_2_009317B7 SetUnhandledExceptionFilter,21_2_009317B7
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: 21_2_009367CB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_009367CB
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: 21_2_00930D2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_00930D2C
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeMemory allocated: page read and write | page guard
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe "C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" /quiet /norestart
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Program Files (x86)\DriverHub\DriverHub.exe "C:\Program Files (x86)\DriverHub\DriverHub.exe"
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe "C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe" --silent --allusers=0
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe "C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe" /silent /WS
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://multipassword.com/extension-thankyou/chrome
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeProcess created: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe "C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" -burn.filehandle.attached=524 -burn.filehandle.self=532 /quiet /norestart
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeProcess created: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe "C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{C5045546-B7FD-4832-9136-56B66BF2BB8B} {DC18713B-4B15-42EE-96B9-503491E8A295} 2300
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeProcess created: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.filehandle.attached=564 -burn.filehandle.self=556
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeProcess created: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x2d0,0x320,0x324,0x2fc,0x328,0x637e1b54,0x637e1b60,0x637e1b6c
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe "C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2132 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240814062430" --session-guid=57a9a656-01e5-401b-ad20-50424dccb7f4 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1C06000000000000
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exeProcess created: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe" /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /edat_dir:C:\Windows\Temp\asw.220e65e681ab5e8f /geo:US
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x334,0x338,0x33c,0x330,0x344,0x6bf81b54,0x6bf81b60,0x6bf81b6c
        Source: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe "C:\Windows\Temp\asw.b569351eb821d9a8\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.b569351eb821d9a8 /edition:1 /prod:ais /stub_context:aca2c3c7-54dc-4f62-a2f4-1ffbd717ae2a:9931880 /guid:48f6f96c-29f8-4474-85eb-2177da680035 /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /edat_dir:C:\Windows\Temp\asw.220e65e681ab5e8f /geo:US
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe c:\users\user\appdata\local\temp\7zs05890c7b\setup.exe --silent --allusers=0 --server-tracking-blob=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
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe c:\users\user\appdata\local\temp\7zs05890c7b\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=112.0.5197.60 --initial-client-data=0x2d0,0x320,0x324,0x2fc,0x328,0x637e1b54,0x637e1b60,0x637e1b6c
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe "c:\users\user\appdata\local\temp\7zs05890c7b\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2132 --package-dir-prefix="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_20240814062430" --session-guid=57a9a656-01e5-401b-ad20-50424dccb7f4 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1c06000000000000
        Source: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe c:\users\user\appdata\local\temp\7zs05890c7b\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=112.0.5197.60 --initial-client-data=0x334,0x338,0x33c,0x330,0x344,0x6bf81b54,0x6bf81b60,0x6bf81b6c
        Source: C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe "c:\windows\temp\asw.b569351eb821d9a8\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.b569351eb821d9a8 /edition:1 /prod:ais /stub_context:aca2c3c7-54dc-4f62-a2f4-1ffbd717ae2a:9931880 /guid:48f6f96c-29f8-4474-85eb-2177da680035 /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /silent /ws /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /edat_dir:c:\windows\temp\asw.220e65e681ab5e8f /geo:us
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006D15CB InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,4_2_006D15CB
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006D393B AllocateAndInitializeSid,CheckTokenMembership,4_2_006D393B
        Source: DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
        Source: OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmpBinary or memory string: Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006BE9A7 cpuid 4_2_006BE9A7
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,21_2_00943117
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: GetLocaleInfoEx,FormatMessageA,21_2_0093239E
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: EnumSystemLocalesW,21_2_009433C3
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: EnumSystemLocalesW,21_2_009434A9
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: EnumSystemLocalesW,21_2_0094340E
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,21_2_00943534
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: GetLocaleInfoW,21_2_00943787
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,21_2_009438B0
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: GetLocaleInfoW,21_2_009439B6
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,21_2_00943A8C
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: EnumSystemLocalesW,21_2_0093CA14
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exeCode function: GetLocaleInfoW,21_2_0093CF23
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
        Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
        Source: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exeQueries volume information: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.ba\logo.png VolumeInformation
        Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
        Source: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{064AD702-EF36-42E1-B0A0-E61453A1FF36}\.ba\logo.png VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\platforms\qwindows.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick.2\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick.2\qtquick2plugin.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\qtquickcontrols2plugin.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Layouts\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Layouts\qquicklayoutsplugin.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\qtgraphicaleffectsplugin.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Window.2\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Window.2\windowplugin.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Templates.2\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Templates.2\qtquicktemplates2plugin.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\private\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\imageformats\qgif.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\imageformats\qjpeg.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\dialogplugin.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\qtquickcontrolsplugin.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Private\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\Private\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\Private\dialogsprivateplugin.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\Qt\labs\folderlistmodel\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\Qt\labs\settings\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\Qt\labs\settings\qmlsettingsplugin.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\qml\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\qmldir VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\brd_sdk32_clr.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\arrow-down.png VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Dialogs\qml\icons.ttf VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\header.png VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\scrollbar-handle-vertical.png VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\arrow-up.png VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\scrollbar-handle-horizontal.png VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\arrow-right.png VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Base\images\arrow-left.png VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
        Source: C:\Program Files (x86)\DriverHub\DriverHub.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeQueries volume information: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe VolumeInformation
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
        Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeQueries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
        Source: C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exeQueries volume information: C:\Windows\Temp\asw.b569351eb821d9a8\servers.def.vpx VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006A4CE8 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,4_2_006A4CE8
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006BE513 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_006BE513
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006960BA GetUserNameW,GetLastError,4_2_006960BA
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_006D8733 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,4_2_006D8733
        Source: C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exeCode function: 4_2_0069508D GetModuleHandleW,CoInitializeEx,GetVersionExW,GetLastError,CoUninitialize,4_2_0069508D
        Source: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
        | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
        |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
        | Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
        | Credentials | Domains | Default Accounts | 2 Native API | 22 Windows Service | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
        | Email Addresses | DNS Server | Domain Accounts | 13 Command and Scripting Interpreter | 11 Registry Run Keys / Startup Folder | 22 Windows Service | 2 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
        | Employee Names | Virtual Private Server | Local Accounts | 1 Service Execution | Login Hook | 13 Process Injection | 1 Software Packing | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
        | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 11 Registry Run Keys / Startup Folder | 1 Timestomp | LSA Secrets | 67 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
        | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
        | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | 351 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
        | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 32 Masquerading | Proc Filesystem | 2 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
        | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 261 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 261 Virtualization/Sandbox Evasion | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
        | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Access Token Manipulation | Network Sniffing | 1 Application Window Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
        | Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 13 Process Injection | Input Capture | 1 System Owner/User Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
        | Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 NTFS File Attributes | Keylogging | 1 Remote System Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
        Behavior Graph (image not preserved): ID: 1492758; Sample: SecuriteInfo.com.Program.Un...; Startdate: 14/08/2024; Architecture: WINDOWS; Score: 44
        Top-level signatures: Multi AV Scanner detection for domain / URL; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; 4 other signatures

        Source | Detection | Scanner | Label | Link
        SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | 17% | Virustotal | | Browse
        SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe | 21% | ReversingLabs | Win32.Downloader.Rostpay |
        Source | Detection | Scanner | Label | Link
        3ac869.rbf (copy) | 0% | ReversingLabs
        3ac86a.rbf (copy) | 0% | ReversingLabs
        3ac86b.rbf (copy) | 0% | ReversingLabs
        3ac86c.rbf (copy) | 0% | ReversingLabs
        3ac86d.rbf (copy) | 0% | ReversingLabs
        3ac86e.rbf (copy) | 0% | ReversingLabs
        3ac86f.rbf (copy) | 0% | ReversingLabs
        3ac870.rbf (copy) | 0% | ReversingLabs
        3ac871.rbf (copy) | 0% | ReversingLabs
        3ac876.rbf (copy) | 0% | ReversingLabs
        3ac877.rbf (copy) | 0% | ReversingLabs
        3ac878.rbf (copy) | 0% | ReversingLabs
        3ac879.rbf (copy) | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\DriverHub.exe | 3% | ReversingLabs
        C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exe | 5% | ReversingLabs
        C:\Program Files (x86)\DriverHub\Qt5Core.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\Qt5Gui.dll | 2% | ReversingLabs
        C:\Program Files (x86)\DriverHub\Qt5Network.dll | 2% | ReversingLabs
        C:\Program Files (x86)\DriverHub\Qt5Qml.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\Qt5QmlModels.dll | 2% | ReversingLabs
        C:\Program Files (x86)\DriverHub\Qt5QmlWorkerScript.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\Qt5Quick.dll | 2% | ReversingLabs
        C:\Program Files (x86)\DriverHub\Qt5QuickControls2.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\Qt5QuickTemplates2.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\Qt5Widgets.dll | 2% | ReversingLabs
        C:\Program Files (x86)\DriverHub\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\QtGraphicalEffects\qtgraphicaleffectsplugin.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\QtQuick.2\qtquick2plugin.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\Material\qtquickcontrols2materialstyleplugin.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\Universal\qtquickcontrols2universalstyleplugin.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\QtQuick\Controls.2\qtquickcontrols2plugin.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dll | 0% | ReversingLabs
        C:\Program Files (x86)\DriverHub\QtQuick\Controls\qtquickcontrolsplugin.dll | 0% | ReversingLabs
        No Antivirus matches
        No Antivirus matches
        No contacted domains info
        Name | Malicious | Antivirus Detection | Reputation
        https://multipassword.com/en/extension-thankyou | false | | unknown
          • Avira URL Cloud: safe
          unknown
          http://brightdata.comDriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://s-iavast.avcdn.net/iavs9x/avast_free_antivirus_setup_online_x64.exeAvastDownloader.exe, 00000017.00000003.3004143194.00000000054CE000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://wixtoolset.org/schemas/thmutil/2010(VC_redist.x86.exe, 00000005.00000002.2548758642.0000000003110000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://bright-sdk.com/EULA?DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://defaultcontainer/test_wpf;component/test_wpf.xamltest_wpf.exe, 00000014.00000002.2793854655.0000000002C41000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://curl.se/docs/copyright.htmlSecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2159579305.000000000D6DB000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zAvastDownloader.exe, 00000017.00000003.3004143194.0000000005478000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.qt.io/contact-us.DriverHub.exe, 00000013.00000003.2847296354.00000000057AE000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2877481394.00000000061B9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000061B9000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.drvhub.net/products/free/downloadSecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2147851988.000000000A9CB000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://gamemaker.io/en/get.OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.newtonsoft.com/jsonschemaDriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          unknown
          https://www.opera.com/gx/OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://gamemaker.ioOperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.apache.org/licenses/LICENSE-2.0OpenDriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://brightdata.com/faq#accepted_usage?DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://api.config.opr.gg/v0/config?utm_campaign=PWN_US_PB5_3849&utm_medium=pa&utm_source=PWNgames&psetup.exe, 00000016.00000003.3009505688.00000000011D0000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3019792494.00000000011D1000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://help.instagram.com/581066165581870;OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://https://allow_fallback/geo/v2/infoip-info.ff.avast.comAvastDownloader.exe, 00000017.00000002.3318183913.0000000000A04000.00000002.00000001.01000000.0000003F.sdmp, AvastDownloader.exe, 00000017.00000000.2890197364.0000000000A04000.00000002.00000001.01000000.0000003F.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.qt.io/terms-conditiDriverHub.exe, DriverHub.exe, 00000013.00000003.2877481394.00000000060F8000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000060DC000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.az-partners.net/s/Emq7Etvprog.icoSecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://api.config.opr.gg/v0/configOperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://appsyndication.org/2006/appsynVC_redist.x86.exefalse
          • Avira URL Cloud: safe
          unknown
          https://autoupdate.geo.opera.com/https://autoupdate.geo.opera.com/geolocation/OperaDesktopGXhttps://OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://ip-info.ff.avast.com/v2/infoAvastDownloader.exe, 00000017.00000003.2907074466.0000000005497000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://ru.drvhub.net/contactsDriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.winimage.com/zLibDllPSecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://ocsp.sectigo.com0AvastDownloader.exe, 00000017.00000003.3004143194.0000000005478000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          unknown
          https://www.opera.com/privacysetup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://crashpad.chromium.org/bug/newOperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpfalse
          • URL Reputation: safe
          unknown
          http://www.gimp.org/xmp/SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.3225512899.0000000007E43000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpfalse
          • URL Reputation: safe
          unknown
          https://features.opera-api2.com/0.5197.60setup.exe, 00000016.00000003.3020531178.000000000119E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3002338613.000000000119E000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.avast.com0/AvastDownloader.exe, 00000017.00000003.3004143194.0000000005478000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1setup.exe, 00000016.00000003.2991079511.000000000117F000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.2990263780.00000000011B5000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.2989914687.000000000118E000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://gamemaker.io/en/education.OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://legal.opera.com/terms.setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://net.geo.opera.com/opera/stable?utm_medium=apb&utm_source=RSTP&utm_campaign=SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://telegram.org/tos/OperaGXDownloader.exe, 00000015.00000003.2877554470.0000000003795000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000002.3320846926.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000016.00000000.2884292199.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000002.3319160874.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 00000018.00000000.2893391954.0000000000719000.00000002.00000001.01000000.0000003E.sdmp, setup.exe, 0000001B.00000002.2942906393.0000000000CB9000.00000002.00000001.01000000.00000042.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.brightdata.com?DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://features.opera-api2.com/setup.exe, 00000016.00000003.3019792494.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3002338613.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3020531178.000000000119E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3009505688.00000000011B1000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3002338613.000000000119E000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://doc.qt.io/qt-5/qtquickcontrols2-styles.htmlSecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2166076733.000000000D6D9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000000.2772530376.000000000083D000.00000002.00000001.01000000.00000019.sdmp, DriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://download3.operacdn.com/res/servicefiles/partner_content/std-2/1714144780-custom_partner_contsetup.exe, 00000016.00000003.2989914687.000000000118E000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://features.opera-api2.com/-8798-297a9453adf0&product=gx&channel=Stable&version=112.0.5197.607setup.exe, 00000016.00000003.3020531178.000000000119E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000016.00000003.3002338613.000000000119E000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.gnu.org/licenses/gpl-3.0.html.DriverHub.exe, 00000013.00000003.2877481394.00000000061B9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000061B9000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://bright-sdk.com/users#learn-more-about-bright-sdk-web-indexing?DriverHub.exe, 00000013.00000003.2881976340.00000000095E6000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.gnu.org/licenses/gpl-2.0.htmlDriverHub.exe, 00000013.00000003.2877481394.00000000061B9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000061B9000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0AvastDownloader.exe, 00000017.00000003.3004143194.0000000005478000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://s-iavast.avcdn.net/AvastDownloader.exe, 00000017.00000003.3004143194.000000000548B000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensedDriverHub.exe, 00000013.00000002.3318523652.000000000083D000.00000002.00000001.01000000.00000019.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64setup.exe, 00000016.00000003.2991079511.0000000001176000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://brightdata.com/legal/sdk-eulaBottomUrlSecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://get.surfshark.net/aff_c?offer_id=926&aff_id=13476&aff_sub=aff_subSecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000000.2035934122.0000000000A5D000.00000002.00000001.01000000.00000003.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.drvhub.net/products/uninstall?locale=SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe, 00000000.00000003.2173850908.000000000D6D7000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://autoupdate.geo.opera.com/v5/netinstaller/gx/Stable/windows/x64msetup.exe, 00000016.00000003.2991079511.0000000001176000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          https://www.gnu.org/licenses/lgpl-3.0.html.DriverHub.exe, 00000013.00000003.2877481394.00000000061B9000.00000004.00000020.00020000.00000000.sdmp, DriverHub.exe, 00000013.00000003.2873845733.00000000061B9000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          unknown
          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs
          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
          IP
          192.168.2.5
          Joe Sandbox version: 40.0.0 Tourmaline
          Analysis ID: 1492758
          Start date and time: 2024-08-14 12:22:09 +02:00
          Joe Sandbox product: CloudBasic
          Overall analysis duration: 0h 12m 27s
          Hypervisor based Inspection enabled: false
          Report type: full
          Cookbook file name: default.jbs
          Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed: 33
          Number of new started drivers analysed: 0
          Number of existing processes analysed: 0
          Number of existing drivers analysed: 0
          Number of injected processes analysed: 0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode: default
          Analysis stop reason: Timeout
          Sample name: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
          Detection: MAL
          Classification: mal44.phis.troj.evad.winEXE@57/1043@0/41
          EGA Information:
          • Successful, ratio: 75%
          HCA Information:
          • Successful, ratio: 93%
          • Number of executed functions: 141
          • Number of non-executed functions: 253
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, VSSVC.exe, svchost.exe
          • Execution Graph export aborted for target DriverHub.exe, PID 3748 because there are no executed function
          • Execution Graph export aborted for target setup.exe, PID 2132 because there are no executed function
          • Not all processes where analyzed, report is missing behavior information
          • Report creation exceeded maximum time and may have missing disassembly code information.
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size exceeded maximum capacity and may have missing disassembly code.
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtDeviceIoControlFile calls found.
          • Report size getting too big, too many NtEnumerateValueKey calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtReadVirtualMemory calls found.
          • Report size getting too big, too many NtSetInformationFile calls found.
          • Skipping network analysis since amount of network traffic is too extensive
          Time | Type | Description
          06:23:22 | API Interceptor | 72x Sleep call for process: SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe modified
          06:23:41 | API Interceptor | 29x Sleep call for process: SrTasks.exe modified
          06:24:17 | API Interceptor | 211x Sleep call for process: DriverHub.exe modified
          06:24:25 | API Interceptor | 3x Sleep call for process: AvastDownloader.exe modified
          06:24:40 | API Interceptor | 1x Sleep call for process: avast_free_antivirus_setup_online_x64.exe modified
          06:24:46 | API Interceptor | 1x Sleep call for process: Instup.exe modified
          12:23:46 | Autostart | Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce {46c3b171-c15c-4137-8e1d-67eeb2985b44} "C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" /burn.runonce
          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                        http://rewwerds-ff-garena.ru/Get hashmaliciousUnknownBrowse
                                                                          http://rewwerds-ff-garena.ru/freefire/Get hashmaliciousUnknownBrowse
                                                                            http://roxbro.wallst.ru/Get hashmaliciousUnknownBrowse
                                                                              No context
Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
                                                                              No context
Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):257616
                                                                                                  Entropy (8bit):6.701518252422076
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:H3RC9MpwQGXL41H9UsWy64Q7WzB1XmrbB1+1FUqHHlsixuOdm12z/Nrv:XMdV4HXmrkRHNuOdjz
                                                                                                  MD5:3D0EA6BA3551AEC4717AB2827319A741
                                                                                                  SHA1:E1273BA1B3D6CDBF93C99B115EF8ACCD84568718
                                                                                                  SHA-256:1573721C06F70D779F5AEBA175C039202069DA15D8526C3CE0C19B8C7FA985B1
                                                                                                  SHA-512:BADE3D768BF435C0ADD77BA377866A59146D22E102932FBEAB08FC10B27B9F5BCC5375ED26EE48847FB57649D706FF2AD6192895780C6924E34CAA7FCCA3514A
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):446840
                                                                                                  Entropy (8bit):6.690279428020546
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:5mtyWf0sTWRzbpT/tD5YpsGx30h7whUgiW6QR7t5s03Ooc8dHkC2es98R:A0HsTWRzbp5D5YpsM3A7v03Ooc8dHkCh
                                                                                                  MD5:C766CA0482DFE588576074B9ED467E38
                                                                                                  SHA1:5AC975CCCE81399218AB0DD27A3EFFC5B702005E
                                                                                                  SHA-256:85AA8C8AB4CBF1FF9AE5C7BDE1BF6DA2E18A570E36E2D870B88536B8658C5BA8
                                                                                                  SHA-512:EE36BC949D627B06F11725117D568F9CF1A4D345A939D9B4C46040E96C84159FA741637EF3D73ED2D01DF988DE59A573C3574308731402EB52BAE2329D7BDDAC
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Joe Sandbox View:
• Filename: WireGaurd.exe, Detection: malicious
• Filename: LisectAVT_2403002B_185.exe, Detection: malicious
• Filename: LisectAVT_2403002B_185.exe, Detection: malicious
• Filename: LisectAVT_2403002B_246.exe, Detection: malicious
• Filename: LisectAVT_2403002B_246.exe, Detection: malicious
• Filename: LisectAVT_2403002B_295.exe, Detection: malicious
• Filename: LisectAVT_2403002B_295.exe, Detection: malicious
• Filename: LisectAVT_2403002B_78.exe, Detection: malicious
• Filename: LisectAVT_2403002B_78.exe, Detection: malicious
• Filename: 2024po.exe, Detection: malicious
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):33360
                                                                                                  Entropy (8bit):6.931135692044243
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:w+hOcIndhnQsmJ1jmH/XWci5gWk2CSt+e/p35DNR9z463q465yEFHRN7R5DNR9z9:wJ9nQLqHuVdl39zTh6gEl39zTp
                                                                                                  MD5:B262A68778D6117D77DFD88A7F43CA44
                                                                                                  SHA1:839DE1D7BCFB4D91736707194B5F94BFF9285AFC
                                                                                                  SHA-256:A7ED4A417F0C50578F2CA2C5106004DD82F78DD3658A852B37147FC362716667
                                                                                                  SHA-512:4F417D12A86D19773D47BDD50D97BF975EADDF1DBBDFF72EA6EA9BA164E47503CD4BB4FFD9C308567EC1CE0A23C024C24BD8647AAFB68CEC4F747CE668296E28
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):250880
                                                                                                  Entropy (8bit):6.801697899047771
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:ah2CMuxNalcGGC4hrQ1U5AE8EmQiqnwTW1KgR5MIKnxWVE7r:uxNAcGL4pQ65rBnwTW1KC5cnxWm
                                                                                                  MD5:60BF20C3CC7A98169465CD85EE833D67
                                                                                                  SHA1:D562FD487CDBA1EEBAD05D39DF4E143ACD9A50F1
                                                                                                  SHA-256:3EEE52D6389E9F12FA38F71247656C414BA675A96F7FA9987ED598F5963711DB
                                                                                                  SHA-512:D7A7859A86EECAADFDF6F5001595A331F5FDEC16112C5B9B6A314EB55C9EF49966A74F45E4EAA9912B0F2FD76E867C2AAAD4698B396989EB6532AFE53E4E8F67
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):46672
                                                                                                  Entropy (8bit):6.857457630149837
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:a5iIy2dzHxsLj8OVUkKJoc7dvfq9znggEl8ULq9znrd:a5iIyYbxk8OakKJoc7dvuzngZ8Lznp
                                                                                                  MD5:C1FF4738F68A0570720F695B5A4837B9
                                                                                                  SHA1:C7BA41BA8049409D2EA5A3B4DABC2499837CD60F
                                                                                                  SHA-256:1B940CE6E0791B41538F475FF97FCD04156C2CAB924557199B57736D7EA510D5
                                                                                                  SHA-512:EDB1FD8EFB8B45474F43472A88A404329C0E756E1EFD9F3FB1EF2C800CDF64BA705CC7A339650CF0E2978E8D38FE42A16CCC86FAAF6630986E3E2E01BB03E632
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30288
                                                                                                  Entropy (8bit):6.991930067735414
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:VWTrbNQJMjsOkWiYEWDeiCSt+ewnR9zxqSQBT35yEFHRN7HR9zxqSV/nkh:VWbNQv6rdy9zYSo3gElx9zYSVvq
                                                                                                  MD5:D90414F90993F195846C25140D47566B
                                                                                                  SHA1:3D3EF684D63BC62EEF8CBE09EAF0EE88159FC17C
                                                                                                  SHA-256:AF5645D93635823702F00E12C0C8D68EEA5D2F20EDCEBFDCF5E076E50A9CB64A
                                                                                                  SHA-512:BD4D3E4681D766449F743A924783154A5916A85FFB72F2F0EF43EBBF8380869D58CED6F56E31534F8B70FEBD4EF5DE47A9B1760478966C5D26ACCD7173FDE45F
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):285296
                                                                                                  Entropy (8bit):6.61257647545177
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:Y4LZVoJFIIJcwnb1ykRyfSEmUAAvUT0yTWu1BhbkoOOd4+5Yd74mMHheB22zaSCL:NoJFBnZYDmL0yKu1BNWOf5YdvG4C
                                                                                                  MD5:934C75ADFF9036378FD34F526C6641A1
                                                                                                  SHA1:0B9572EBE4FC49EF2DEF824327EFCAF9C9B90DAF
                                                                                                  SHA-256:B4652ED190EEBF59D4CA8BB340CADFBCFBB7A32ABB893D57AC49B1F22CFA0861
                                                                                                  SHA-512:A00B1BF0F10437A680C332E2FCE287C194B3CF666E985ACF047CEBE755596B15F99BAD5252B6A2244AE8805E24218ACA2A898E63C28CCF515D75232410ADD6E2
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):161904
                                                                                                  Entropy (8bit):6.7450593736078766
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:g0c+RUE/Uz4jUuLIptDF96mTQtG+lyRTXFhep/DGhUDw:+wG+0RzO/DGP
                                                                                                  MD5:1BB877A36D2FCF866A79433D318A38C7
                                                                                                  SHA1:ADF05679B78D0B15342CDFB4B5FA03C6FD7A140B
                                                                                                  SHA-256:2FA5C0FA42036A1891A4824C41842869820BA6251D9BA39631B2F41636CC474F
                                                                                                  SHA-512:B89BBCEBF968FD8D8038C4D61664ABF0AEDA77D15C1E8DD7083347272A1BBB22178A5DC6EFC20D428A38A7625B702C9BEE922A10C3BDE3F20A2DD043506152EF
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):91104
                                                                                                  Entropy (8bit):6.919609919273454
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:wd5wd+ywOpmlhcsrG4ckZEzH3qDLItnTwfVkC2KecbGJ13yd+zTNFZFzK:wdJywOpmlPrHI6D+nTwvlecbG/3y8XG
                                                                                                  MD5:9C133B18FA9ED96E1AEB2DA66E4A4F2B
                                                                                                  SHA1:238D34DBD80501B580587E330D4405505D5E80F2
                                                                                                  SHA-256:C7D9DFDDBE68CF7C6F0B595690E31A26DF4780F465D2B90B5F400F2D8D788512
                                                                                                  SHA-512:D2D588F9940E7E623022ADEBEBDC5AF68421A8C1024177189D11DF45481D7BFED16400958E67454C84BA97F0020DA559A8DAE2EC41950DC07E629B0FD4752E2F
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4841880
                                                                                                  Entropy (8bit):7.037865881588186
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:gOps8At+ClFx0VQxKra4L48wELFLOAkGkzdnEVomFHKnPT:fsj66Km4L48wELFLOyomFHKnPT
                                                                                                  MD5:968006878A0703C6D528C315AAA64E92
                                                                                                  SHA1:EDCC9FBA54F81ABB6162C6FEC2A56AE0472EDF68
                                                                                                  SHA-256:20F9A3BDBE5981EE42E2665623BFE342BFAC18BA7209E889ABDA2FE88AD7EC3D
                                                                                                  SHA-512:961D49A5529F833A03FC3A117EE4379D9AD8F17C2780A42796D9C775577CA31A5CFD4E66C0FDDE6DA3E41AF0E0B2DB655ADAB32E5041107EE31F169FF1C45CFB
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4869496
                                                                                                  Entropy (8bit):7.023063738664024
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:2Wb8RxUQ2gvGuxzgCkTVlzrrqkijR2e4FLOAkGkzdnEVomFHKnPLzr2:2WyTVeT7qkijRr4FLOyomFHKnPLu
                                                                                                  MD5:EC9829B23C2E5A7029AC2F9F81924EFA
                                                                                                  SHA1:9B7400EE4282E4655C0CD5F54C41D3AE14095434
                                                                                                  SHA-256:28EB2E4DE14C90B303E13EAFF2E65A4D57E4F5E220BD34CEB858D745A02BDF94
                                                                                                  SHA-512:7B2831CA2CDE03F3F12240AE5F18386BBC1D6DA2B66A550515800E8A1947BC64F077EAF498E63CC3E1CAF39986CFEEB886F43562C0D451D8C54C196F4AF58662
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):86640
                                                                                                  Entropy (8bit):6.569726153977617
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:JcYmVfpuBFaiCtECS1sZu/QCWhD1vzvrAlzv:JQpqCiCS1slCWhpL+7
                                                                                                  MD5:ABF14CC1A720FF3968911F6FD2E6DD7E
                                                                                                  SHA1:175ADE2E220DE9BF6C1595F9FF4A1E910F9B8C99
                                                                                                  SHA-256:B6C3F35ABC2ED9B44CAEFEF8846A26C05D10B3619E298625B4D7891B16D8A539
                                                                                                  SHA-512:AF0C6BEB089365A19181B27AA6C45656F409AFC36E1C76DCDB74DFDE70DFA75C8AD66442C4F94482A0BEBE96CCA4297E58FAABE2E92B77CEF77BBB1A1C538AAE
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):86608
                                                                                                  Entropy (8bit):6.568249206613143
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:3iZ6VSS6bn0raxMki1sZu1gVrKZduzqFyZ2z2:3onY9ki1stVrKZEGli
                                                                                                  MD5:F0CE2D4BE2A728B2767E3F5100DDE8CA
                                                                                                  SHA1:124CFABF98D386F47E3D73EBDD4960DFF8B20864
                                                                                                  SHA-256:EEA420619FBDCA1468DFA825E832BA14A21DC0402EBE90E75DDF3903DF4B8C61
                                                                                                  SHA-512:67543A966A31163D78C23BE4B83300F211A23F3B0DB61A6E3707F6106FEC0462C67D1898C8D086A1B7A59F89A0E089140AB163B666A21E9A7311DD0C5F856D7F
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19650
                                                                                                  Entropy (8bit):5.417861035997251
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:BnQ8IcR1eZKVb24OIoVb24O4kFjnwEosWRUpk:BnQ8ImVb24aVb24gM9
                                                                                                  MD5:8C029B691EC7EA28971F0F55D8CAD69C
                                                                                                  SHA1:73726C06078A1F4744F962923EBE5171FF00D203
                                                                                                  SHA-256:FA1F6567712E6084A5AA1F6ACBA82F0936F25F5BFC5EDFA114E896DEECD69E45
                                                                                                  SHA-512:DF637246882BE13B8F1567BEF862D8BB2320D7326CF1CC81C7D3A20849BA6FA4E3875552C34B01A8C91F76F1CC246570B42307B5114A847A15B2E76186E8A8EA
                                                                                                  Malicious:false
                                                                                                  Preview:...@IXOS.@.....@.2.Y.@.....@.....@.....@.....@.....@......&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7};.Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135..vc_runtimeMinimum_x86.msi.@.....@o.&..@.....@........&.{83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}.....@.....@.....@.....@.......@.....@.....@.......@....;.Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{E3819B64-3C56-3DD7-921D-00B011AD31DE}&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}.@......&.{E8E39D3B-4F35-36D8-B892-4B28336FE041}&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}.@......&.{F4F89385-AC80-4040-ADA6-06D37B69832E}&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}.@......&.{A2AA960C-FD3C-3A6D-BD6F-14933011AFB3}&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}.@......&.{A2E7203F-60C2-3D7E-8A46-DB3D381A2CE6}&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}.@......&.{BC0399EF-5E9D-3C7C-BFF5-5E9A95C96DAF}&
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:modified
                                                                                                  Size (bytes):20971
                                                                                                  Entropy (8bit):5.3281719866887745
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:ueNjVmX1m0Ve2SD4QsSqzk6RVeQKtAIOIwtAIO5Znw0WoLs1Eg8ISEqUpso:ueWlm0Ve2SD4QsSqzk91S1YwCQBSE/
                                                                                                  MD5:24939D7FFB6507A4CD4D7EF4DA824121
                                                                                                  SHA1:B61D3D3A5331556C3799E5680E6C74AA04A50CD0
                                                                                                  SHA-256:B36FC15004752FA26FEAC9D2CFD83A68A04CBB32D1A861EE5E4DB0D24DFB2EB5
                                                                                                  SHA-512:60832E850F3D44E5B2599C65FDFB48178597D74FE891E98A6D801DC51454812DEC44852CEF0530450621D2CEFD9885C86B07895994A201EA35A488D6F57FF613
                                                                                                  Malicious:false
                                                                                                  Preview:...@IXOS.@.....@.2.Y.@.....@.....@.....@.....@.....@......&.{9C19C103-7DB1-44D1-A039-2C076A633A38}>.Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135..vc_runtimeAdditional_x86.msi.@.....@o.&..@.....@........&.{29E9ACD5-6C1B-48C9-A316-358656F83B42}.....@.....@.....@.....@.......@.....@.....@.......@....>.Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{E3819B64-3C56-3DD7-921D-00B011AD31DE}&.{9C19C103-7DB1-44D1-A039-2C076A633A38}.@......&.{4FD4AB8C-C57F-3782-9230-9CCA22153AD3}&.{9C19C103-7DB1-44D1-A039-2C076A633A38}.@......&.{46A1EA6B-3D81-3399-8991-127F7F7AE76A}&.{9C19C103-7DB1-44D1-A039-2C076A633A38}.@......&.{C94DDE19-CC70-3B9A-A6AF-5CA7340B9B9A}&.{9C19C103-7DB1-44D1-A039-2C076A633A38}.@......&.{946D6FA6-49BB-3415-AD2D-4D634C432CF0}&.{9C19C103-7DB1-44D1-A039-2C076A633A38}.@......&.{E533B148-A83A-3788-A763-0C6C4
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):340
                                                                                                  Entropy (8bit):5.0559584011130525
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:DkbFCF/nFF3i6y72OKc6yk/2HWfZOcQyV0GDOxasMK:eCFtFDcIb/uYZlmGSxX
                                                                                                  MD5:7282852E37095B043D99A678B8C31C9E
                                                                                                  SHA1:E9D22FE2A583FE7D6ABAC0535256D3BEBA62FA9F
                                                                                                  SHA-256:EED093D8D23DC0F8A1B001BC6B59A31C70BD52EE85B3917E18AFAECCA788BF3D
                                                                                                  SHA-512:8A675373DD92BB0C1AD0D8EA616F391606BD344199AA7CD21499E31EFA29AEE839952EF3024FE1BEDBB6D4ADC4136B17A795C581E508CC0BEE45AD42D2E0C05D
                                                                                                  Malicious:false
                                                                                                  Preview:Some DriverHub plugins use external libraries and make extensive use of the following persons' or companies' code:....Qt - Copyright (c) 2018 The Qt Company Ltd. - LGPLv3..libcurl - Copyright (c) 1996 - 2022, Daniel Stenberg - https://curl.se/docs/copyright.html..OpenSSL - Copyright (c) 1998-2019 The OpenSSL Project - Apache License 2.0..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7722672
                                                                                                  Entropy (8bit):6.315240416411671
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:IIU5T6PFTz4Xg9WDoV/ih8z+3ggJ3rA39F3P3AUnF3h3tdY:It5TmiN53gW3rA39F3P3dnF3h3
                                                                                                  MD5:9E73D5B139958CD42A7067CBC44810B7
                                                                                                  SHA1:E512B164EFC1A6EF49DD1C54D542F981DE23D0BF
                                                                                                  SHA-256:45B6CC6CA166CAD70E6DD23E9E0228B7A9E4A92C18B185ED6D1BB1DCBCDECA7F
                                                                                                  SHA-512:C94E1F03DBB5D44FEE636648FE67C7C7B2FA2403E389C0FE791626020697D07D0F18F582FB02803FC72E5A7C7EFB55DE24A16E93C66FDFEA10E9086CE209BBFE
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6996656
                                                                                                  Entropy (8bit):6.688002880659369
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:uk5Ks09i/N1TZkjoaTdH0U18SdgP7rhfVWpVUJZSjM+FU:J50IZWoydUUm5Pnh3
                                                                                                  MD5:4846E1823AD2A75FC83258CF1E789748
                                                                                                  SHA1:50C21E68F7303F31D64EAFE3EC3014C2A40A28F2
                                                                                                  SHA-256:E859B84E82C4B3B5EE4C82D0942FBC1135D72C69FC1A58290E91C905E17A0BD7
                                                                                                  SHA-512:94ED8504775760D626B7BB7DCA8166973BEC2CE95360124C519F87EDA35A31871B541FA59D537BE89B0F74D98B386869E54475B19153C0740F994962F6A809E7
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5099
                                                                                                  Entropy (8bit):7.93135125589649
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:bdeVmk6dKSRMqa/DMD4hKzLQeZxsvrY8zy4einJK7MaxnHqq0REMP2l2V1FYzGk6:bZdKS6/DMPrLsvlzFe0JK7ZxnHqnEMPX
                                                                                                  MD5:451B153070269850DA133D4E493A1BD6
                                                                                                  SHA1:D82171A62800D8E8454C990266A55E28F69C207C
                                                                                                  SHA-256:91D221FE4045038100274A1A32F8155C0195517C51A712B1F742A4F5BBB45E4B
                                                                                                  SHA-512:3893366BC15C842E3EB4423B0695C40203601E536DD401B020FA63B8720079B2C1F3D3C7FED2B3856C5CC5C9D651722E0B77C665FB18482F18B499ECC1A8DBBE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5366392
                                                                                                  Entropy (8bit):6.855859322558378
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:EKVcjaq2Ox1PwKlRiZjZ+0OP3wqz3TeJsv6tWKFdu9CEcPk4VHEYI9CV4e0BSNm4:d+sKldPhzCJsv6tWKFdu9Czv5Xgwrj
                                                                                                  MD5:80A95EAC18B0D41D393B3F72CF03CCE0
                                                                                                  SHA1:724EB57BCEA953E132577AC540AA4ED0851DDE17
                                                                                                  SHA-256:2059AE8AF9B3ADC40E3FBAC46EDCE469A5A3340B1A42C0E2B0F79FCFAB838ED2
                                                                                                  SHA-512:B17D526B2AE9E39D4DD3FE452AE9E2460801B542B4E6D396A0CB86B7486D10615D673AC85CA313190EA9626832A736EADBEC4017608C9FBCC6966749EA84540A
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5984888
                                                                                                  Entropy (8bit):6.8027540937852695
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:ku7oz+cQB5Y3tL205B7++e5MbrvUsGj4kQBTvDPMoKy/gJ/+dK+m3j+xWpDcYQl4:kuKJ2S+VavUsGcv7cL3iuDs4RX
                                                                                                  MD5:DF758556C1235D3A7E0CFAC2E060A465
                                                                                                  SHA1:91FA26C8641CC13ACB7030179AD286C73DBE2C02
                                                                                                  SHA-256:A383BC6B268D1E1B344414DDBDD400843649C61AD45C6018CA81EC0EF535B0DD
                                                                                                  SHA-512:9D14CB74388FCD49E28FF35E399C4C244440BD9AB31AE68459A6A613DA7C42C1172E0F4C13F11DC30602759A6B8C815A80DCBAB3D9D75F15F18CDA4F62849467
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 2%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1059960
                                                                                                  Entropy (8bit):6.6757903647954695
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:RZuT8NTGHYYiPFHQBULr9RFGdw1wU1tcGYtDhwvW3Scj2nT8wsYK:RZuT8NTGHfidHQBU8dwp1+GGhMT8ws3
                                                                                                  MD5:4CCC16253F60FC8C06475BF936C8D168
                                                                                                  SHA1:143AEF75820ABBA5BCF80EBA477079CCD7E14A1B
                                                                                                  SHA-256:DF013042C338346B30D2E33A9895A6DE8D6A6EE785406996B4A523957AB10A2E
                                                                                                  SHA-512:C5F881711C183E87AB069430634F9BD98851324FBE27563472D4DD59B05096E5CD3134D178D79083B8C98943E509FDC5C14696D60B9470BE233B1FBFE4C6A4B1
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 2%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3161208
                                                                                                  Entropy (8bit):6.582689015321756
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:N+fEOhE+7t7sOMpgTpnKNrSdSG779LLLS/o/L4YqoY0Xba+mRR3+5Q:N+25pgT8
                                                                                                  MD5:D3939D46D3756542C4EAB1DF9207A776
                                                                                                  SHA1:51A3EE6299A765A29DEC03C45058D8499BDA0685
                                                                                                  SHA-256:CAAE45FCF9538B4D5994491A322AACC9854BDEDF054B681CD21D8EE38D143673
                                                                                                  SHA-512:B33E904536859CA78D7667A9C0888BBB41467405CF4DD66EE6910F65B33828439AA904D2AA35FE23CF11D330E056104869AF20791150A82587CADD638CDF3FF0
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):353912
                                                                                                  Entropy (8bit):6.629875532567727
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:9c/03N6AAD37+9WiMVplQCbCxlpPYZ1APaqqh9AOpRLBNSWbSA:FoD37+kLQ97o1mkSA
                                                                                                  MD5:76FA20EFDD6DC4B7D6978DB8F161ACBF
                                                                                                  SHA1:AB9924581C1EF8F470176E7A5FAB9C6C2B5AEB9E
                                                                                                  SHA-256:114B9181F3AA55F448030492C63260DA3D1E72A2551F3D55D1F8E5B88FB9F336
                                                                                                  SHA-512:7EA19C4DDDDFEA9FC98B28E95953EBB212545B52F633C3CC0F08513B9DE7FC2A88E9A7C0200462EAAB12CF02D72D203E030EBD8A190581048BE3A3628EA8029E
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 2%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):49272
                                                                                                  Entropy (8bit):6.47508786067958
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:0z9KXx97kRig4XgM7uSew5M0kZRY8P+16sfl3HXm1B77mzJ:0zEXD7kf+gU7ew5aZ+a+16sflnm1B7Cd
                                                                                                  MD5:DDC3CDCF3D9D2889BC5710067ABBE9B5
                                                                                                  SHA1:A0F12A4E49BED351624C6C9AD90A938A06DBC4C0
                                                                                                  SHA-256:3B532CAF148737916DFE3FB47B79B28E5E56BE2A6715460DD6C8F7B68730ADB5
                                                                                                  SHA-512:E69DFDC12A3260FE782AC597258B6F65F1AA6ABB9D56EF66364D6DD121FEDFA11FD5B7803FC3C3BEE99A554B27F807E4AFD1B8F1C3162F2C1B8EC6C448E06917
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3532920
                                                                                                  Entropy (8bit):6.746525997275407
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24576:DWAxAyPMh+6UI0+Gu8wXHm3EVHOaLh1esXHBwiXYuSM5ujOwQsGUYD3F3DV8Lu+F:ghLank3wiO2pvzisTuEpEsT8
                                                                                                  MD5:07BE85D99D1ABE75BD0221C1CE03C4BB
                                                                                                  SHA1:BCB35E6937499AFD08805D5E634EA222B0A0E86C
                                                                                                  SHA-256:544D0AC18788F8D72615C5E084034066F9966D3050C300B38A667FCB8F0E7E34
                                                                                                  SHA-512:D5AAC5E1A95D20E9E9B74C8DC1A6465B62601ED5B95D979B3540AC7E1AC388458DBF00D82933C810E03780655623BA084A5F0A13988B82AF98C871081260939F
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 2%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):146552
                                                                                                  Entropy (8bit):6.585172415541417
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):948856
                                                                                                  Entropy (8bit):6.611578418543604
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4482168
                                                                                                  Entropy (8bit):6.834247944875884
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 2%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19778
                                                                                                  Entropy (8bit):4.506742249246775
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6585
                                                                                                  Entropy (8bit):4.598695759616129
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5095
                                                                                                  Entropy (8bit):4.707590936577697
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7876
                                                                                                  Entropy (8bit):4.538071539723452
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10264
                                                                                                  Entropy (8bit):4.632756205734315
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5079
                                                                                                  Entropy (8bit):4.6854391471828505
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11031
                                                                                                  Entropy (8bit):4.666918441303095
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7217
                                                                                                  Entropy (8bit):4.622194749790818
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12506
                                                                                                  Entropy (8bit):4.41298894510231
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Copyright (C) 2017 Jolla Ltd, author: <gunnar.sletta@jollamobile.com>..** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foun
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13881
                                                                                                  Entropy (8bit):4.530949121957846
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6235
                                                                                                  Entropy (8bit):4.646552357232257
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13601
                                                                                                  Entropy (8bit):4.592209063442914
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10025
                                                                                                  Entropy (8bit):4.44241789855634
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7419
                                                                                                  Entropy (8bit):4.551795677868133
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12859
                                                                                                  Entropy (8bit):4.38678757261808
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):15891
                                                                                                  Entropy (8bit):4.556057731614295
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/*****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Add-On Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..**
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10829
                                                                                                  Entropy (8bit):4.563214234773607
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7807
                                                                                                  Entropy (8bit):4.639117118840595
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5585
                                                                                                  Entropy (8bit):4.685627644589191
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12345
                                                                                                  Entropy (8bit):4.66784524518964
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13745
                                                                                                  Entropy (8bit):4.494703020202901
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9305
                                                                                                  Entropy (8bit):4.537386224718856
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11649
                                                                                                  Entropy (8bit):4.575505434264538
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7462
                                                                                                  Entropy (8bit):4.5825621177486955
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11760
                                                                                                  Entropy (8bit):4.654708081969159
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):327
                                                                                                  Entropy (8bit):4.927041556088633
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable QtGraphicalEffects 1.15'....Module {.. dependencies: ["QtQuick 2.12", "QtQuick.Window 2.12"]..}..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3802
                                                                                                  Entropy (8bit):4.836210598784799
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 Jolla Ltd, author: <gunnar.sletta@jollamobile.com>..** Contact: http://www.qt-project.org/legal..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7424
                                                                                                  Entropy (8bit):3.032827250058743
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9961
                                                                                                  Entropy (8bit):4.5553960156757025
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):21704
                                                                                                  Entropy (8bit):3.1461809813480404
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10099
                                                                                                  Entropy (8bit):4.5547161392604325
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):22064
                                                                                                  Entropy (8bit):3.1540685960247647
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:VLDmnnYvF75zo77VCirGuXqBzrrlJ/HZuOgO4iNKKq4UlHXsS2iLAam8zx:JpUzsrr0x0G1XFLAavl
                                                                                                  MD5:ED598F5CACD931028B71E66BCBEC60AF
                                                                                                  SHA1:411E8061798F6BD2C852D75168450A8266C479ED
                                                                                                  SHA-256:E21B5D64A2F31DEFC94623FC86316D27D7AC53B82384821FCEAFFA394B827CAB
                                                                                                  SHA-512:990437DB67927C7CDE1D01AF53FF414A83DBDB05F0716750B06C7DDE67162F74931884E9A7F828EA4CCA5F6AC9547E2B46C044D2E1B2768109B1D60F1BAAC9E5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7916
                                                                                                  Entropy (8bit):4.650054740700734
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:ndscGeOTRkgrAr9cNJGBRNaTiN/spNYZ4N0Trs:nDGehr5xmPchfs
                                                                                                  MD5:681FFB907DC7876FEF710231C3F0D693
                                                                                                  SHA1:DF3DE413EEF094DCDCF6BF0768304859C98AB00D
                                                                                                  SHA-256:D21C5523227CC24443C5A33D89D7A957BDA2376EAE16B9D2B6FBE5AED7D68433
                                                                                                  SHA-512:B82D979FBBAA3DEB154BF90EFCA76401AC3ABD7D04C71B5AE3CFC4DBB342BED7B387E609C1DC409431A439CA7DDCB65A85FDE9A3A39B69C0166CB4A6DBF62353
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20108
                                                                                                  Entropy (8bit):3.0155722311266056
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:d3qDQ1bE5V72t/7Fl0J5qPZqXdUH8OgOTIl0itLUMKhUBoPz1JV:tRHfZqXFx3fp1gh
                                                                                                  MD5:933F3CAF9CFD713B3F44FF031EC3C0C9
                                                                                                  SHA1:D5A1C3C48264B203D7686C6840F17A32ABEF5E8F
                                                                                                  SHA-256:FF776F2ECA5A08847417031CD747C56B49182C0815C9B29994E8AA6F56F6EDDE
                                                                                                  SHA-512:A262BAC0EAA1CAD38F9C96560301D99A42EC39839699A959B826BF7B5CCE91ACFE975B6AFAD0160C537CE7B0FECA4604F4548C173F0B01B584EA5C6C8FBB2B35
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12752
                                                                                                  Entropy (8bit):4.927987689083792
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:ndzgUldGcQWR8yl69yuT/jrKOxgmk1Rh+0qpj85TKsv2ceErtdtP+tTtxtUkKD:ndscGvyl6U7JtfNdtPepnU/
                                                                                                  MD5:C0E84EC177B5BD2899D721683311E5CB
                                                                                                  SHA1:1016D6790C4FC3C234F5FBB01DC7678E669135B7
                                                                                                  SHA-256:883D1D8BF62E98EE7D4590D647DC1B5E0B24213C646FE9F6C91C806B59E2277F
                                                                                                  SHA-512:5064F419868CDD32E6CA6DB3567E3EEB5E6B3E4A1EE8A3586B3B0C948972905057D9BD49A00E4612D817FDC7D664125C04B1D89D2BF689D6E09BAF37FCAED646
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):26696
                                                                                                  Entropy (8bit):3.55275408277976
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:N55YB62YRs3yqvg9oTtMuZ4mRjUnzcnyQbmTIp4DOQbmkv6ZrXkAAYB:NTBRTaDB
                                                                                                  MD5:1DACF31EB5259F16433CE03D39F9ACB0
                                                                                                  SHA1:6BEB376CE06D108DC2982B29C54F448A5764F4FB
                                                                                                  SHA-256:B4D5A2CF92FAD4DDC429A02D77F1F3EDADBF2EA0D24E372D478512FF06D1E809
                                                                                                  SHA-512:CE84780D8E33A07B28C289ECFA79A95B8FE11F4B27148226FF46D273ACD534A9D7FA4AB206E5274C6E8C0C6018F398C9946CFC83DBE23AAC0411F13C1A95B541
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3823
                                                                                                  Entropy (8bit):4.784379577769776
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCdzO6E+iCshVKzlOWGf0hEVufy9pnu6IwSYh7NlyuNTIMiGgjb7OeQ7ruI:ndzgUldGcQWoSYhZlysUb7NEyI
                                                                                                  MD5:E2C260FE7963564B5489900BB4DD3F35
                                                                                                  SHA1:9093C5C745196084D9A034D11CE5E605B62D2595
                                                                                                  SHA-256:04D9A63435F6C8723A0744274750E305375D63532DD7D215526501C66DD0C690
                                                                                                  SHA-512:5F2C6ED09A2647C3C1875A8FB1E3B65FC58CDF99F7245F2F1F820270F2D22EFFA5883766100F7BDE27B6C34C3A50308BB85BD54341691D3A88C3FE50C863969D
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7616
                                                                                                  Entropy (8bit):2.9791374337899468
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:kr4B+neOB0gW+PFeW68ef5UuOermSXxSFVfuY:kr4BCe+f3PcWXqkVmY
                                                                                                  MD5:5D602DE6CF2818BE92236649A42EF612
                                                                                                  SHA1:B8FAB2200C88F7C7F7B18C14A20917667BA76E45
                                                                                                  SHA-256:EC810BCF7F1B8CAAA1CDF0B5A2F36402ED888FA5300F11C45D09CCBABAE49D5C
                                                                                                  SHA-512:DB36BCDCD93F3D4E576F725D8E47E94A7AC9A9DF873E5506F1D18B13AA7BB5A359D1E99B1B396E3AAFBB4869C47D75A5CB05A8C53E95731CFD02D8D79D5ADFA6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4345
                                                                                                  Entropy (8bit):4.758638626564817
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCdzO6E+iCshVKzlOWGf0hEVufy9pnuU2YFpNlyIf8jk7r5Q0SOp:ndzgUldGcQWIzlyoQw9Q0Sw
                                                                                                  MD5:87972FA777906FF3A3F0C86989BC7FB3
                                                                                                  SHA1:F015E3685E60CF7B53A6F92448F646E17F34BB7A
                                                                                                  SHA-256:E47DB40488C3CAAE81826F4A070BE22F2FC3D2720F69E6359E7CF027121BB524
                                                                                                  SHA-512:0CCCF2B60769BA97731E90FB1806028072D0676D62652EBDDEB19808CCAE62F4D7BBEF5F5AE2F94B746759B677501FC51DB9E07B9C0163A725F390973728694B
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9408
                                                                                                  Entropy (8bit):2.9412660406771045
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:xh1sQTfz8n4aRBllOW3MWwIeT0Q5gShUbef5UJZieMhUoiYH4hs1QI5+JB22d:xft+4aRBllOVHZT0KfUKNP6Iid
                                                                                                  MD5:113EE628E99A6D1A00769EE8277A9AB4
                                                                                                  SHA1:B4E7EEF172D5434C5BCBF6C8AEEE6FBD636352AF
                                                                                                  SHA-256:EBE6D2CF5DE1BA828D09693D1EEEE983897892F8737A6D257992E98CD17AA39D
                                                                                                  SHA-512:9C019342896A538EC13FAC8926105F54B7B80EAC987C81787DBEFEE3BB7031ACFF5BBF94894162F69A08DCE0D19152AE2A8A9A7E0A6879D887824617C22484C5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4041
                                                                                                  Entropy (8bit):4.809241191703437
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCdzO6E+iCshVKzlOWGf0hEVufy9pvuISYhuh7eaUpTIMiGgj4JmHeQ7rVJmI:ndzgUldGcQWgSYhuhyaKU4o+EpoI
                                                                                                  MD5:436B9F140A9E5B7EC88FF6AB8AABA2F3
                                                                                                  SHA1:716697CE121CFB3601FB217C41ECF8578D3A9C7D
                                                                                                  SHA-256:98A39F372BC7A6DC83A4E7E51B56D2AA81E458DB1B3AA05850B3C22CF4C2F9DC
                                                                                                  SHA-512:4B1EA38CD82E2C73EC3282D8523EC7060656DB7143045A6E8F1A8F437B0333E3811D48A496E230DFC9F4D727D9315ECCDA71C48329B3ED865DC4DF9A7AF9D4DD
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Graphical Effects module...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in the..** packagi
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7908
                                                                                                  Entropy (8bit):3.025830345523107
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:1mj5R9/wvyixX7eWJ8ef5ycOercnHOY2u2bxHust:1mlRtwKiZ6WqnHQVOc
                                                                                                  MD5:9C2B739EDD2941426017361A5B7CDD07
                                                                                                  SHA1:95D4B08FBF936F628F328E28EA28FAEA534B42B1
                                                                                                  SHA-256:4F0566E7F19349A34072363DEEB9155DE94081DF3396E7537E978D39915BBDD7
                                                                                                  SHA-512:08838BCA88595CB6E570C627D4C13A0E7CB3A23FEE2CF4DF879E15D18825866B9532005D5D76F7206000770DEC00D97D7B971EAE86F2BD1C50E5EF7BA162D5C2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):446
                                                                                                  Entropy (8bit):4.831008563710771
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:xr9UIm6eQNuuWFEUG1bkAddYMUEqRpXQu:t82NuTep1LzVypl
                                                                                                  MD5:82BE01F1AD655AE2E5068903171BCA0A
                                                                                                  SHA1:810ADFB9C00A5FA65AC7FF30B0A2CA05F873E058
                                                                                                  SHA-256:D7681C4C0C927F07EEF863A156E254BDE0BFEB48A0EEA88F135B80325AA77FDF
                                                                                                  SHA-512:97E777FC63A9D851B52A4B9FC2EC1696A3F0BEB72DBD91FBBB8EA7F16CBEE421D4707DCC11672F6F8AEAD8098FA3DF3B6044607AACD3F573D5A0B22F4CFB611D
                                                                                                  Malicious:false
                                                                                                  Preview:module QtGraphicalEffects.private..plugin qtgraphicaleffectsprivate..classname QtGraphicalEffectsPrivatePlugin..FastGlow 1.0 FastGlow.qml..FastInnerShadow 1.0 FastInnerShadow.qml..FastMaskedBlur 1.0 FastMaskedBlur.qml..GaussianDirectionalBlur 1.0 GaussianDirectionalBlur.qml..GaussianGlow 1.0 GaussianGlow.qml..GaussianInnerShadow 1.0 GaussianInnerShadow.qml..GaussianMaskedBlur 1.0 GaussianMaskedBlur.qml..DropShadowBase 1.0 DropShadowBase.qml..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):51832
                                                                                                  Entropy (8bit):6.500989465582415
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:epWOgA+9N/iJdHlpmkewtk0lmdgjbW/b6S:ekOM2hk44dgjbWWS
                                                                                                  MD5:EE8C49F3F53594E151219FA4A07AACF5
                                                                                                  SHA1:3DE74B2708ABE512FC179B0CA0911ECACA882D46
                                                                                                  SHA-256:050942FC820F1383A1A1AC2A07353C319B501E05B5F00D00BEB8C900AF202CB0
                                                                                                  SHA-512:375C635B57FFCC11C4A6B30ADD339F8257CA3C79145A31C020BBEB8FCC0C1C19BCAF357FFBD265C69893BF80E4B288058698A09C2196D903241CF94BBAAC3B73
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1016
                                                                                                  Entropy (8bit):4.97599520054607
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:teatRDyUyGlETnlADBYGckBupY8dL6L7toVyiAkRlOPlyNOwPtZAHFK:IcVyhqOna9LBl2ovi3Al6zoE
                                                                                                  MD5:B30FDDA9D8391BC35EBFDDB4AD45952F
                                                                                                  SHA1:E614ABD59DCAFD491E456CB48695A4C932D05B0C
                                                                                                  SHA-256:A33AC64A4DA419166EA7B498F5B5573B8B0F3D9068C7506C6911F17FAEB947F0
                                                                                                  SHA-512:6265E82481CF9627C3FC75458389F61CAE3A5FC719662AD673B6C7F4CD52AC3CCC0AC940EDBA3E8537FA511FC15B69002D17216F351F99BEC335C24014396901
                                                                                                  Malicious:false
                                                                                                  Preview:module QtGraphicalEffects..plugin qtgraphicaleffectsplugin..classname QtGraphicalEffectsPlugin..Blend 1.0 Blend.qml..BrightnessContrast 1.0 BrightnessContrast.qml..Colorize 1.0 Colorize.qml..ColorOverlay 1.0 ColorOverlay.qml..ConicalGradient 1.0 ConicalGradient.qml..Desaturate 1.0 Desaturate.qml..DirectionalBlur 1.0 DirectionalBlur.qml..Displace 1.0 Displace.qml..DropShadow 1.0 DropShadow.qml..FastBlur 1.0 FastBlur.qml..GammaAdjust 1.0 GammaAdjust.qml..GaussianBlur 1.0 GaussianBlur.qml..Glow 1.0 Glow.qml..HueSaturation 1.0 HueSaturation.qml..InnerShadow 1.0 InnerShadow.qml..LevelAdjust 1.0 LevelAdjust.qml..LinearGradient 1.0 LinearGradient.qml..MaskedBlur 1.0 MaskedBlur.qml..OpacityMask 1.0 OpacityMask.qml..RadialBlur 1.0 RadialBlur.qml..RadialGradient 1.0 RadialGradient.qml..RecursiveBlur 1.0 RecursiveBlur.qml..RectangularGlow 1.0 RectangularGlow.qml..ThresholdMask 1.0 ThresholdMask.qml..ZoomBlur 1.0 ZoomBlur.qml..designersupported..depends QtGraphicalEffects/private 1.0..depends QtQu
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):62584
                                                                                                  Entropy (8bit):6.1127558774395805
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:D7JZBgBqWS7/JOyZcCaMgtz8jd4lpdj9Ik4z2Zarw+sbzoJ1mzyY:HJZKdrrarlsbz99
                                                                                                  MD5:CCAD57A187A1F6A45EE29B63C7EDBF70
                                                                                                  SHA1:0142D1828DA43E2E7AD9461C16B8EDC733757239
                                                                                                  SHA-256:A24E70AEF4F54268217473D5F58FB9672FE27A7E32D57FAA0A7CC60B3AA72111
                                                                                                  SHA-512:424DDE93D4E88AC177E81CA52001561AB1024517645E0C1C50A416A2F77C648A1B2DA55410F4D8E4B2C98E418BE1B6566E4DD5B03F7F276690E3901E58AF1A4B
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):204541
                                                                                                  Entropy (8bit):4.333953565609104
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:hALVzqJqDxmo/ADn4kdHNMISuI8Val+o8DQ736R4H33MNlknmPqQPuemxsSaRkGy:UVeIDwM6MIqh2o36CPxTxCRkGlC5b
                                                                                                  MD5:1C03A2CB4B001D5E7395821649854E27
                                                                                                  SHA1:7BFF9C426D920F85AF9CF6355B0E7EDCAFC9C42D
                                                                                                  SHA-256:A4C18F06FE88BAA04CD638CB23CD161DFE015F1ABB6AF83FF7610A2E4235CFD9
                                                                                                  SHA-512:09D3A2CC1A0FCD6618B44C9772F63A61CB999692E65CA2A2B75C1CC66D365B6A2C2B3B04208954006F1AC4802E328ADA010346080B9387A35794C0FE5A36D449
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2..// This file describes the plugin-supplied types contained in the library..// It is used for QML tooling purposes only..//.// This file was auto-generated by qmltyperegistrar...Module {. dependencies: []. Component {. name: "QDoubleValidator". prototype: "QValidator". Enum {. name: "Notation". values: ["StandardNotation", "ScientificNotation"]. }. Property { name: "bottom"; type: "double" }. Property { name: "top"; type: "double" }. Property { name: "decimals"; type: "int" }. Property { name: "notation"; type: "Notation" }. Signal {. name: "bottomChanged". Parameter { name: "bottom"; type: "double" }. }. Signal {. name: "topChanged". Parameter { name: "top"; type: "double" }. }. Signal {. name: "decimalsChanged". Parameter { name: "decimals"; type: "int" }. }. Si
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):111
                                                                                                  Entropy (8bit):4.476510489896447
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:3BoMURTEvyWmopYey+RLV06qWoZAhoAw:x7Us8oOf+keSAho5
                                                                                                  MD5:FCEDCCC4408C301DC6B1FE45721353AC
                                                                                                  SHA1:1F8E8E590505274D317573CA074AECDB70B3C596
                                                                                                  SHA-256:7E844000C1F61DB37173EE953012981D533C950E7FB772C2672CA74DCFDB914B
                                                                                                  SHA-512:4C4FDC7EBAA3DA4DE15832859D92A7AAB19EF7E7B5ED9C7858642C0BFD4145BE2962ECD2FC12B150A5F81797E8E47197A076A46AFE936EB29E4D2F41F78077D6
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick..plugin qtquick2plugin..classname QtQuick2Plugin..typeinfo plugins.qmltypes..designersupported..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):21112
                                                                                                  Entropy (8bit):6.175998723290675
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:42QiRI5yLcsMR2FYj33zci5sLgDIGxAnfePPLTTjj+:FRI5ykMFeF+LgDAmzH+
                                                                                                  MD5:E064DFD82F6D37163FDE01C18906A956
                                                                                                  SHA1:D65141402D9A792D5D14A1421F88F10410F5F0AF
                                                                                                  SHA-256:16B2909D64F493D870B84C64E05353B54F645BF11944E04B7205AD026C3E2F63
                                                                                                  SHA-512:5F35B20E5C5131034D9507B67F9C094793A551195D21F1E22A4F0CC5F42EEE353D8982EF4DE994B4F22BE751E539362B6513B81570A77B035BAF07AD06B61C47
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2196
                                                                                                  Entropy (8bit):4.822911595644864
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OLrQ3JFbtP:nd5CB7fdpFdU3vpP
                                                                                                  MD5:EA48511545DD3181AAD31E175715116E
                                                                                                  SHA1:02D589A22BD260249FAB2FED18EBF2BBCAE7D7B5
                                                                                                  SHA-256:73C1652D0326049D9D43EF24D15EDDE474D1A764BD7DFCB8F3B83C2823D985C1
                                                                                                  SHA-512:25BE70A08983BCC757705D92296C03DC825B20FF520CC3A8AB76F02A25AE46B33D2F79878F21268018667E3B1E3442B7F9A43C7701547F1439A7CEDF1C9961A7
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1846
                                                                                                  Entropy (8bit):4.798549880380156
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MCdbFTT3QXf8WYwid0szM6RqeRGNfj9TNZlOWIQNydOtQ+y9Oc:MCd5H6E+iCsAaKj7fOWIkFy9Oc
                                                                                                  MD5:FB7B31A91F3E60DC6B0D399106AA126E
                                                                                                  SHA1:274D1F3A351F1138082701CACCC0A5DEA9710359
                                                                                                  SHA-256:523DE0EFBD2CDBBE342ABAB01E8AEB1AB0CC01D840AE27712F87324646DB1D48
                                                                                                  SHA-512:FD65F23E1AA1EB88229786A488D0FEFEB685E056E60ECC59325D35AD1D94EAE6E28880F529435B3A87284036C872600543BC552E3B285A0AE010DB76DE35A37F
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1851
                                                                                                  Entropy (8bit):4.801036857486239
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MCdbFTT3QXf8WYwid0szM6RqeRGNfj9TNZlOWIQNydOtQ+y9OHn:MCd5H6E+iCsAaKj7fOWIkFy9OHn
                                                                                                  MD5:66FF9D123E79EF8C2E24051173EF4353
                                                                                                  SHA1:0F0D3D8D9633126099F7872ABBBCC7AA620BD664
                                                                                                  SHA-256:AF7AFB4F8FD6E98CADB48E6D6FDEF78EF48D8617C07D1E0EAA927D3FF0F5001C
                                                                                                  SHA-512:D9B3BA5E4587E4DFFE6E67F585DED42FE5DBA7D1E45C353C40D5D10611937AD26BEE05D629FB952625C6DA633826BA86C2006167F8BDA54DF65F41BDD5954980
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2206
                                                                                                  Entropy (8bit):4.859857255789024
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OCMhgatRX:nd5CB7fdpFlL/
                                                                                                  MD5:BCA14E0F28CC7E609E21703B3082AF72
                                                                                                  SHA1:26E8503D57F664523B8344E7B485403113B9B44A
                                                                                                  SHA-256:13AEF729C0A8C10B4D2C7CDC2D07C408837BC4B01BAB8F1E4B7F0F565BE785B5
                                                                                                  SHA-512:6384A8C29301ECB8B41E8980E629ABAF77F1D7CAB1762BCE4F6BCE01074C300024352C8F7995878B1BA4B6776F5B1D5CA3D3FD9FD736B6E11DB626A11CC64069
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2598
                                                                                                  Entropy (8bit):4.845035402761518
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgpDQ3JFbtE6wB:nd5CB7fdpF0d3vpE6c
                                                                                                  MD5:A5CD195A941116FD9FFA1F81A851932E
                                                                                                  SHA1:73BDAFDDC4482C1423B9C7C70ED6C874425E33C3
                                                                                                  SHA-256:9D5F2B8B73243C6FA6B62EDBB2A7E10A461FD8BE29D9DC4F8A352DB2B89BF72C
                                                                                                  SHA-512:892456A23D700F4D61921E8F742BEE9814CBB14A1461F1232BEB196C8F0DDD8140D8785CB6BC2C00260F5EA136EFE1FE3A6E3FBA47E0BB08149AB735D3CDA48D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3597
                                                                                                  Entropy (8bit):4.784454586015021
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhglQ3JFbtn3kXxEzPwXRpcWr:nd5CB7fdpF0r3vp3kXxI0WW
                                                                                                  MD5:12337A6D1E1B9ED058419D8EF969530D
                                                                                                  SHA1:A65679BD21ED2CC5FEFC48D1DD00F3677AAC9BD2
                                                                                                  SHA-256:B28B1F726DDD5CB408C71F47EC62D9F4E5554BAF7C813A14408ED89E19D0C35A
                                                                                                  SHA-512:91FD2CCDA7345FD5F9DCD0243354D9F6F4F11F84A6E8DF7BBDC5C0848AE10D36EC45A52E5722C01934F231E682AE69CD2D34D74D90D2FB398CDF199434C6BA96
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1851
                                                                                                  Entropy (8bit):4.801716178540186
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MCdbFTT3QXf8WYwid0szM6RqeRGNfj9TNZlOWIQNydOtQ+y9O1n:MCd5H6E+iCsAaKj7fOWIkFy9O1n
                                                                                                  MD5:59F570E3703E5DF2AA33E6A6833DFC5F
                                                                                                  SHA1:1868D5D4477004A91B027D5692251FEAF437E254
                                                                                                  SHA-256:1394D0A7BD3C10D033426E5FB95CB9DF75FBC3FE22962F152F9EB334836528FE
                                                                                                  SHA-512:3859B2CF04BE03931F0A8CD22BA94888090E506C3E2510A89E8B8D73DC9952D5976F3163E33AB881C55D9F1AEB2D92D84FDADDFC2CC6E7B9ADDEDB4367FFEEDD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4022
                                                                                                  Entropy (8bit):4.793392595957024
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9Mh6QQ3JFbtoM3W0J4TEw0xeskxJy:nd5CB7fdpFG03vpoM35ogWo
                                                                                                  MD5:B504A8ACF2FD92ACEA40D292455FDA3D
                                                                                                  SHA1:1EC7F59CEC57622763E1610D65DDF2A1A84B429E
                                                                                                  SHA-256:376C36F8BB81EBD6D7CA09BCCAD95F9EF307BA2052DA38DD07228B7489C5BAF9
                                                                                                  SHA-512:21EC9BD071DA65F5A95084868FF8F17AD73FEC1B2A669CC850A42FAA3ABCAC35D62B40DC2847157805D209EE318B4A0046626B3D1574326BE623DAAFE6BCCB0B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4478
                                                                                                  Entropy (8bit):4.7756725637253234
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhJQ3JFbtoMhxeszxqkXx2Mg1XY4TEVPwX8OZ:nd5CB7fdpFGi3vpoMjLqkXx2MiINyZ
                                                                                                  MD5:BD2D13E8E608EB8DFAE8D345AA1CD12E
                                                                                                  SHA1:BD53B8EAF56B713D0697CC0681E1C2E11B51EC60
                                                                                                  SHA-256:FA4674932BB9B4F3571748440B4141A0C23A6DDB870DE8084081C6B926CC5E57
                                                                                                  SHA-512:3CFA5756C1AAFF9B5259735568F132C89CF7223C0C759F7DE429698876A5DE996FB4DF2D6EC109517F740D99848C3326383DDC113DB19953F7A9A0A73598D3A8
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5927
                                                                                                  Entropy (8bit):4.742618150400444
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFn3vpoMUBm0UpyzP+sf7Vgi949q6X7N:nd0Bhp/JflK1jGX
                                                                                                  MD5:6C70E22BE2B15DF763F430858F990573
                                                                                                  SHA1:EDF65989F3152385D3A3CCEB5CDA8941D282869F
                                                                                                  SHA-256:9C85346D76F0241D3927E46EA1E2CE0B9927141CB669B79B5C99774C01971A53
                                                                                                  SHA-512:B10ED62D28B31234B461AC891EA8E3AF800C303C61F0DB8F6637D40EB5CE1816E40370165AF57F43FE8B5F549D98E5804AE2EF404A876770A2697D2873311B4D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2175
                                                                                                  Entropy (8bit):4.816116777865285
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OcQ3JFw0P:nd5CB7fdpF93v5P
                                                                                                  MD5:84DF8B268EF632C64B841C21C7D07BAD
                                                                                                  SHA1:A82F850711BF50BF9B6AD3849A623FCD81910273
                                                                                                  SHA-256:9A35DC7EE7CED74448D59FE12A1E0C289569864BCC5EF0CF643B73A8ACEBE0FF
                                                                                                  SHA-512:673F09577F2AFBC20A1EC5AA980C93F1C128C1949D5E4C291C8C2AB898DFF7F1E84E3BA669AD1FDE810CDD29DE1D7D783015D61B87DF7E03668A22EE8BDF5986
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2189
                                                                                                  Entropy (8bit):4.819043374247721
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OKQ3JFbtP:nd5CB7fdpF73vpP
                                                                                                  MD5:35062D9350B9F6EDE14D98B7FB51E230
                                                                                                  SHA1:BC29795862934E823560769EB0B81B332164B0C4
                                                                                                  SHA-256:C36C30FD83CCD08A34C78684EA95FA902777108C3A3285580DCB51BA5650D3ED
                                                                                                  SHA-512:8983F299A176CA5EDDBFBF2E4D1C60425723A103A4905FD33D9C98E1A81BCEB3F0C7DB0CB633A7B5159EA49EB5798F2E282586ECE7DA9D4AF8866800E355FA97
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4163
                                                                                                  Entropy (8bit):4.713943551661154
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgQrQ3JFbtsrE0qV0OJatWlSC7V/LEWlSCIPwy:nd5CB7fdpF03U3vpsrYNIXYSce
                                                                                                  MD5:5168C33198A4BA990130E5FE7ED8CE8F
                                                                                                  SHA1:63DA160F997797A1FAF0E86EC68F6CC75D17878A
                                                                                                  SHA-256:D53409FE94CFAB9F60485C8472613BB7806F1062C295DD9DF1FBDB61E1AA7F53
                                                                                                  SHA-512:0D46BABC8AE0747210E0BF60C6E03CF4C05B60CE26DD973FD1DA98A780C08F921370A100B48CC37F27F67A6B6C290BC70E272BBBB085FCD035E4BEFF8804A102
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3493
                                                                                                  Entropy (8bit):4.831719719729733
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgTQ3JFfCtj7AroREri52ZUfP+eX3FJ:nd5CB7fdpF0N3vanA0RQi5TX+enFJ
                                                                                                  MD5:DA3A5C0142C1A707756DCA3CC8425704
                                                                                                  SHA1:E06B7962FA75F59FD4A3A5EE99066EC959E326A8
                                                                                                  SHA-256:0F002B11F845EC2BA3FA8DA40CEB5ADDA050E0DE5F75B8F07C98AAB44996E100
                                                                                                  SHA-512:17AF838901AEC3D2A9F863982E8ADE97C224D1BAE1826B329705FE14F30E763066D568B24AADCE161DB8998E56095F70C286B5A3DE103ABBC317ECA9B2B3C3B0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3310
                                                                                                  Entropy (8bit):4.7462705851417475
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhWQ3JFm0QuLYup5byaxE:nd5CB7fdpFGZ3vn3L/pxyaC
                                                                                                  MD5:8C2EE0D6AECD93E86C85C7CE4D0934C2
                                                                                                  SHA1:98379BD5580F66D4C48A80266367E2B94C8DD39C
                                                                                                  SHA-256:5A9C5FCF25151107B0A4DB78614EF94C2152B1A5CE253FA6A1501E4611CF77D2
                                                                                                  SHA-512:CC6A7250F3814ADF405D5B8F42F417DEEB14ECBFD421895E96D7981EE147CCAC705C5816708475BB674D31A12A1A71E46865BD8431923E794333C88D80604526
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2924
                                                                                                  Entropy (8bit):4.8351607382479385
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3301
                                                                                                  Entropy (8bit):4.8590682549607696
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2366
                                                                                                  Entropy (8bit):4.839215024821948
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2992
                                                                                                  Entropy (8bit):4.81273228791819
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2836
                                                                                                  Entropy (8bit):4.811093739134321
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3287
                                                                                                  Entropy (8bit):4.807550250685247
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2006
                                                                                                  Entropy (8bit):4.823272355715288
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2301
                                                                                                  Entropy (8bit):4.868241936290458
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2911
                                                                                                  Entropy (8bit):4.889093741052121
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2640
                                                                                                  Entropy (8bit):4.846310750971607
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4891
                                                                                                  Entropy (8bit):4.712125500495967
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3651
                                                                                                  Entropy (8bit):4.792586493832598
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGp6QQ3JFbtoMXu10J4Z6/E0xeskxgzMCUlN:nd5CB7fdpF+DLp03vpoMdqgWgxs
                                                                                                  MD5:A7E874448E4E895AAEEEA3590531024B
                                                                                                  SHA1:3976202A28B68B5E8905981C3577C5A7377B3D81
                                                                                                  SHA-256:F0678CF5E73535E683A33AE8843AFF427E344C8A0158ED61C119965CAD096139
                                                                                                  SHA-512:CF804D342CC327D842378DA280ABF3314746DF3104C7A4718C961929CD93ACD794004D1C79A34F8918B23817186867952F4E444B72A94FE01CB13EDFE87A54E4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4065
                                                                                                  Entropy (8bit):4.79287401260897
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGLDLpi3vpoMCZySickXx2MXi6:nd0BhpAvEJEy5xvN
                                                                                                  MD5:72203B5852DAF13E66924AACE316341B
                                                                                                  SHA1:05AA4A43F090B0A4B1C56D997452B68EF9F32698
                                                                                                  SHA-256:3859E906C67E38F049C0B99A476A7FFC76F159AD867316F9732AE19BBDC91BBA
                                                                                                  SHA-512:BF56E27E887205AFF8B530BE3D188A574AEAFCA6144B46E15739517F1DF179D89693DDA1779B226D2B9F490A8116910E273FB2409097DA47836C841349850861
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4154
                                                                                                  Entropy (8bit):4.70735936961081
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OGDgGpyQniB6mlOFAoOXt/A4zE7u3iWWrGbWGLf:nd5CB7fdpFQDLpyR5fAcElrGSGD
                                                                                                  MD5:B5BB21C77903BD5D5360BE94C12F2733
                                                                                                  SHA1:D9F189675A8DB324D539C0C7891E2CF2DB6E8BBC
                                                                                                  SHA-256:8A03D5FE3AD0C783F7611FAD9ED5AB7AB75895213B3D8B83CEA478530C2ACD5E
                                                                                                  SHA-512:3EC94B29854D6240E8C2AE602FC0DA0344EDEE6960C672995573F0A7D5B61D13A30787F7930C1EC179F434C236E6AC3414600AB3B80D2F3D1AA7C7F897D52BF5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7644
                                                                                                  Entropy (8bit):4.727217163835898
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpF6WB3vpoMCeCBKUpUez8vHFTkkn6/9uUU6jYnppzEndq6BpcV:nd0BhpQWbJna/N/UJ6KpBCd3O
                                                                                                  MD5:A085BF12BCCC44C5A3C2E3D30F7B796B
                                                                                                  SHA1:892D7BFCFCCA794F671375CBD829A9F9A770ABBE
                                                                                                  SHA-256:EAB631ED486DFED52FA8B61256395623445B652E6EB9A81CD47ADDFE008A6F1A
                                                                                                  SHA-512:41074FAEBA9950974E85422F4EEAD8E9FEC220D9CCCA2C15D85E864C4ED0CAE4883F88742168822CDE14E17D5D757770839BF7A53B481B783653DF3AB222A5F9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2616
                                                                                                  Entropy (8bit):4.794552110693869
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OGDhQxh/DfXDx01r:nd5CB7fdpFQDGP/Dvmt
                                                                                                  MD5:3997FE3281C6F47D2330E117E3712887
                                                                                                  SHA1:0556398A8F6006D19CE6EE73C346CADB5784D7C9
                                                                                                  SHA-256:1C894576FD20CEDDA07919CC2401CC9D15A90EFFB272AFC31D1DDAB31537C3FF
                                                                                                  SHA-512:5BD646B0B4A6DF0FA5A20316FEEF43BF54821916B4D0ED86794BEE5A298EE590372CF26D39E53F54E2814D334F1B7F7D8C1F2398579BDC91D58686531E175949
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4471
                                                                                                  Entropy (8bit):4.701240992370061
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGLDLpNU3vpCqrcFrwnGYCjvFYkbc:nd0BhpAvQprWfYGY
                                                                                                  MD5:EFA3A440A844F11307A1056F3D20D008
                                                                                                  SHA1:187F407F5388977B27C76C2B8BC797AE8B3E4D97
                                                                                                  SHA-256:1EE9513B607B760E0C7BC5BE8F794A6C5A2DFA96A946D2F5E5874467B03D6B33
                                                                                                  SHA-512:0D2CE0FDB078BC97CD6D1C9E35213DF9652306491879A95BD99CD80B0F44F0B93D1506EF95051001583DDB915B4A60C7230158DEBF4FF60A5EBB71ECB2C4EC66
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3543
                                                                                                  Entropy (8bit):4.792348845887984
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpF+DLpz3vCB6f5noBi5lnFify/Pt:nd0BhpsvImo2lFL/l
                                                                                                  MD5:29D8F30C877B7FB8122F16EC9950A142
                                                                                                  SHA1:4293CBCD68FEA7A3D255FA2D84F8586D13632D8A
                                                                                                  SHA-256:F4302746ED0917CE145534B9B81FE0FAA025531CF5ED04A81A72994FA234E45C
                                                                                                  SHA-512:0D07A75610EA512B25D7DEA8CCBC803FBE9ABF36C376AFFD517C5AAE6486EC0CF5E305E8FA8382479E9EB7E29EEED9F568DC09AE8242E13280A1124935D66018
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4358
                                                                                                  Entropy (8bit):4.812079921863784
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGLDLpZ3vn3L/p1jYnppjEnF5FyBP1:nd0BhpAvfbR1apxSFOP1
                                                                                                  MD5:2548CFF063C7BE6F57B8D4F81BA33A06
                                                                                                  SHA1:C314CA356D2BC6E985BADD8E75F96A7B9A5C0C6D
                                                                                                  SHA-256:0363B31324C9EF26FA2BB540334774DA0A6545951DD06A149E6B832A6BF6C7EC
                                                                                                  SHA-512:870B3687579C10781A7B110FF885964D0D91D6ECD5A68A41C4CF3F5B09421AD2302014EAE2889E38A00B6538B84E2721F0F056EFA2209383283F333F62F26E90
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3207
                                                                                                  Entropy (8bit):4.869069840142379
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGp3Q3JFw0Xk6s9H9YMweiWt0D/6x:nd5CB7fdpFGLDLpg3v506sDYMHiW1x
                                                                                                  MD5:06C06A6C5FE0705DE484D089C6E803F4
                                                                                                  SHA1:C3C742F65EFE8DDFB72922C98C265E1E6A6A76C9
                                                                                                  SHA-256:8A0C771BAD8EA0DE60C8B5595C3ADDF6A6E7785426CACB7D57F30D7921524045
                                                                                                  SHA-512:2FF884A5929EE2E3C576AA9BE594E0CDEE5C52B2C4F288CF4AE9BFDD4737CA412FADA63442C245FD34425640AC19FE53CB56863BAF6BD09802B7BFDC2FAAB49A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3867
                                                                                                  Entropy (8bit):4.862301490461931
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGpPQBJFw0MyAxyhnMQxWQfgUqRh7/k/J:nd5CB7fdpF+DLpYBv51EgT4hK
                                                                                                  MD5:13FDABAD8449B607D5365D681CCE3015
                                                                                                  SHA1:7BECB74EBCFD5AFA4ED27ED41DA1828496033F2C
                                                                                                  SHA-256:5F37513A7BDD0DADCFDC435882DB4199A224114EC41DF8C9250AA1483F9428C4
                                                                                                  SHA-512:79013303748C61FE97F2E759AE1778157B2C88451F564315BA642180A6E5C5903171E3E6BB600354924B37A24A3D29168FB1C196195222EFDBAC863D0E66FB71
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10030
                                                                                                  Entropy (8bit):4.806138037085718
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFQDLpKr5EuujsA1GqHVyPDwQHHoxOoumQ91H24L8M5nNG2oLk+WPwub:nd0BhpKvUr5EpjsA1F1hQHHRodU5oQ
                                                                                                  MD5:EF49589B6DDF274E2EF2E77ECD689BD9
                                                                                                  SHA1:0C3DE37CD559D988B9F78A845B8A6D45D6FCA35A
                                                                                                  SHA-256:4E223635E82795BB7A8909C15D1F2739EE7E607344187D30B929B5D8DDB09808
                                                                                                  SHA-512:0A3FE282F8447E04565976791D66F1A177BA7F925AF1663D7DD4CE5D5D86CD14364E7C13E2ECC59BA25B52FF1B4CAFF93B584892673328F576F526167CE77B03
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2710
                                                                                                  Entropy (8bit):4.838309188288612
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGpXQ3JFw0akHz4y5Fc6RW:nd5CB7fdpF+DLpA3v5L5FLW
                                                                                                  MD5:6E05224A672A8F3683974C2BED54DB19
                                                                                                  SHA1:C67BD494AA339A0F025A1DE7FE0A2C3F4E8D2ECE
                                                                                                  SHA-256:54B7E9D18092BD8AE03E9336554F48CF5178C304457C70FF107F4A2FDAF810F0
                                                                                                  SHA-512:FB38360AAD57AEC7202BA891F9EA4D7F8EE7C49A1C09C5AB924ED65A0D7C77191A9508A2D88006E6762544AB015C42084F04E56CEC3BC3A19ABB85E3884EF9D2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3408
                                                                                                  Entropy (8bit):4.812150701263161
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGpqQ3JFd0kHIvaHHtWnzMCUlQjxT4y5Fc6w:nd5CB7fdpF+DLpN3v6LvaYnxHjD5FLW
                                                                                                  MD5:DF99BC50E44F0E6708A96BEE13C330D0
                                                                                                  SHA1:D153FF903F1C7C2BC5692ABF41B91DADA12F2387
                                                                                                  SHA-256:BDFBC86A651DB5FDF65A3FBCB7CBD91BBF295D845612BA369E317FC4A5DB3AB9
                                                                                                  SHA-512:2F409347A4BA5F600D07BC38258C6451C0CD7C83F27D51C4B8EF38B584FE04245A0DB4200BAAE5A7FB800CFA4A628BBDC003567966304704C919F7E9E1549E51
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2968
                                                                                                  Entropy (8bit):4.8077641352008476
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:M25H6E+iCsAaKj7fOWIkFy9lv8GXGBQ399tqYVt2ykFbbUWlNzx:L5CB7fdpFgWa35qYDQbdV
                                                                                                  MD5:A4DACE7AF6027943AD4B4513FD75EE40
                                                                                                  SHA1:878BE0B95889815C17D3A97ED5D5F522AD2674AA
                                                                                                  SHA-256:D8F333E3EC6E057BE364A043677A8E3A2762384C05FCFB2A5069184DDBFEEE99
                                                                                                  SHA-512:850FF7CE8304F738D9114E988FB7B9720C5D0B8A3856BF5AF354E5C96062E62024E47E7DAB3653B3458D7F2542116FDA35BA5F452C03011D83047E2C2864A1C3
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3570
                                                                                                  Entropy (8bit):4.797861913310862
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGp+Q3JFbtoM2/EyZkXx2MXz1gmx:nd5CB7fdpFGLDLpB3vpoMCZZkXx2MXi6
                                                                                                  MD5:48495866F8B6E452907F4E90F0B1AF19
                                                                                                  SHA1:092CC0136EFE59B8389B7A521628FD05E59F7ADC
                                                                                                  SHA-256:D4FF3080E64C091CAC96A7A4F6F7FE8F2F948F468D70DD39271AA48D02F6B306
                                                                                                  SHA-512:1F9F95545374F75CA3E345737ABA1E86D652FB3E65B3F92FCC2118E6DC15CF6DF5461874AEABF1A1FBE0910CA8752AB6887FF1FC955AFB27B316FBF42901F3F6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2008
                                                                                                  Entropy (8bit):4.82410778031169
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDdqQZEtV:nd5CB7fdpF+D/Zg
                                                                                                  MD5:DEAEDB2DEBDF15BD087D382C28C34291
                                                                                                  SHA1:72FD0FE26E38F816D8572DA1C9425365F64ED9A9
                                                                                                  SHA-256:B82053C1628AB97B4FC2EC4B001E7368B8483B0305C15CCB5BA29B2F61E7AE0E
                                                                                                  SHA-512:D4B2CF07A170F9F68C19E4A98E0FAD270BE2F748C883B988217BC9BD16E3198C06DDDA9BE600E3C66AA84CF1A93E4B6ED69DB0FF88A2AC3834E08F6F770F2F72
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4162
                                                                                                  Entropy (8bit):4.869740301783965
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFTDLpuS1v5EtBjYnppjEn2vCccP5FF:nd0BhpdvgmEtBapxS2vbaB
                                                                                                  MD5:365971BA24915164063E97690F7DAE9C
                                                                                                  SHA1:2A55D6FCC0512A77960FCBF761A1910D5E461FC2
                                                                                                  SHA-256:413199D8146BBF130A26A50753B3F8ECB8A26158A5D77C32D6B1EB22B57B3AC8
                                                                                                  SHA-512:A911D0CEEEA33F52DA8E30D7C946BEB14E39E873658E3EF58DC383292997570C3673A2EBC22AE1159715D5F1DA0427A76133B17C2C3BBD1BB27DF6E89EBD728F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2604
                                                                                                  Entropy (8bit):4.840411587708949
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGpuQ3JFw07mXob:nd5CB7fdpFGLDLpx3v57v
                                                                                                  MD5:68ECFF6B2C4A7B65B2D6CBE889DFBFEC
                                                                                                  SHA1:D7DA0CA6412D9C4E81A567C22B1AF44B64C14FBD
                                                                                                  SHA-256:C62DB07B4D429F9BD0CF88EAEF9B15AD8CDB58322C7656D55BE5936044EB1240
                                                                                                  SHA-512:DA91A917EED9C3597D91FA12C4EB4FC620BCBB4E5588A011DDC924F88749CC3CD42B10AE8E654A6920BBC6720EB6B8FF42CE7277F52106F791A0F6708BB3BC4A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3442
                                                                                                  Entropy (8bit):4.770573402116531
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGpBQ3JFbtoM2cEyZkXxmz0wwX/gvx:nd5CB7fdpFGLDLpa3vpoMzZZkXxmos5
                                                                                                  MD5:9BEB46066F22FBBBE53106B5FFB6AEF3
                                                                                                  SHA1:10E428EB0D85678230CD138F18536C0AA5CFC53C
                                                                                                  SHA-256:F3A31AE3CEEFEAAE4FDA9A173FD3EDB0DD817D692236120572D874F7FD2838F3
                                                                                                  SHA-512:B7A647B35E2BD15CB5BD43C0CFF81FAB42BF54033E4EB2FFF88A59B0D64C0D2B230AB1907D92F392A71B53C6DF0A6A0D5E1B806A6C4FAA00742AED06A6742F20
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4788
                                                                                                  Entropy (8bit):4.767659902718251
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGLDLpJ3vpoMWZ4xy0FQskXxmooe5:nd0BhpAvdJg4x+xR
                                                                                                  MD5:10972CD75BE888A0F031B6C6D2FA0E16
                                                                                                  SHA1:354218F2EBE99D987B7AFD2DE04BB7D7A7763E5D
                                                                                                  SHA-256:A7E1B2398C5CBFF591FE34270FC800E2DEBAEC810689744D58BAAA149558A619
                                                                                                  SHA-512:55CF2C2265A5D3604305B29D5998A0D9F2E10709893133A19709C2328F742E065F2F3A60D79C3C10A2C165233A225DEC899D4F60B0AD2A6FF8852F4C7EACE73F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2400
                                                                                                  Entropy (8bit):4.831926312624564
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDcDQ3JFbtPTslb:nd5CB7fdpF+DT3vpro
                                                                                                  MD5:5F7E2FA195063A499F450D38AC067AD2
                                                                                                  SHA1:FC02285B676D836409B46B57EE2D798EB256402B
                                                                                                  SHA-256:8CFD1C4238B721C2FFC6ABB4132F5670E45A6768AD5CBAC7413FDC5BBFB4D92F
                                                                                                  SHA-512:2186361D3C9A1C889C311508C2D92EA20C428B528946DCED53CFDCF312E643BB4783235691BE1EBF0644C2DC52ADB85796D6CD172FA627B1EC4CF6FBCD27E497
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2588
                                                                                                  Entropy (8bit):4.772227959654226
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDlQ3JFm0QuLYup+b:nd5CB7fdpF+De3vn3L/p+
                                                                                                  MD5:CBB179BD9C4898ECC26A6EC3C82A41C3
                                                                                                  SHA1:61B2FC2C285F19D0037B825229BDBC9E2BB318B2
                                                                                                  SHA-256:DEFAA9EB6822493956BCA3942ABFFD8C41EC10D40653EBE48147A00C321A4BB7
                                                                                                  SHA-512:4FF25C655307C36C6077EF936AB27C0FD47D8A64BAD5D761BC4E582764524B67E4127E7EAB6CE8A70ADFB6A74EA52579D51123DD1FD22FFA8089CB28A7CDECA4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2795
                                                                                                  Entropy (8bit):4.828338932063428
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2594
                                                                                                  Entropy (8bit):4.8344449556473075
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3464
                                                                                                  Entropy (8bit):4.898820195124723
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2820
                                                                                                  Entropy (8bit):4.837609805236169
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3654
                                                                                                  Entropy (8bit):4.7911429859967205
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4065
                                                                                                  Entropy (8bit):4.792295622948737
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2519
                                                                                                  Entropy (8bit):4.827600648510387
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4757
                                                                                                  Entropy (8bit):4.795633305434376
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8309
                                                                                                  Entropy (8bit):4.498428163270163
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4702
                                                                                                  Entropy (8bit):4.724663373079018
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3771
                                                                                                  Entropy (8bit):4.840999626567917
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2967
                                                                                                  Entropy (8bit):4.755864058965555
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3963
                                                                                                  Entropy (8bit):4.829478647325663
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFJLDLpo3vj896/P3nLdBPtF9m2:nd0BhpjvY896/v5BPjV
                                                                                                  MD5:46D343D4FC318CB86E1676A789915BA1
                                                                                                  SHA1:5218BADEBC40B2E50449A545A7843988D859A016
                                                                                                  SHA-256:BEF54AC22986A64AB8539D90568FC1A017FE0ECCCD1931F56A1910E429D0B922
                                                                                                  SHA-512:E611F7959AAACAD4527E2EDC1EF3D0C49EB015FEE1C25C135657D04910C32380BE8080D6E2FCA34506F4AB742D05911E7FA711DD5BDE4CF79EEF06C60D3F3890
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2932
                                                                                                  Entropy (8bit):4.78290740051343
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OGDgGpWnX+9o37M+fHMyzBADYfNsYNvb:nd5CB7fdpFQDLpWO9o37M+fHBzKMltj
                                                                                                  MD5:D647A5CD428C2DD080AEE1D246CAACB3
                                                                                                  SHA1:A5F9D762FC50421B78D55FFD60FDBAE57D75F69B
                                                                                                  SHA-256:BE6421A3B9D158DE3A94B9F737DE8538432414BC3D2AB94977D31CE1FAE755EE
                                                                                                  SHA-512:8DE0E39E5CF2721BADDB2A63AEE00A8BF07107E95FDA57F38E417B7EB3EBEB70193372285CDE17B6CF0760585BA49E755D50A5F8676833FF2B1BEFE9C1A48BA4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6225
                                                                                                  Entropy (8bit):4.618752935327141
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpF+DLph63vURkq3KjKbnuzjBUg/HLvWLTFuzjBUg/7ATw4VfsT:nd0BhpsvUhfxD
                                                                                                  MD5:1F3CF71216E54DFBD0A6A352907A95C6
                                                                                                  SHA1:AADC4946FDDD3BE151AB78AB64BC69356A3110FA
                                                                                                  SHA-256:563CA893E4477876ED5DB6DA9F981D0E6D60662378C7D4B77053B1226317C409
                                                                                                  SHA-512:2EE5821C9FDB31B2230F2919C8BFC894B656E5CB32F01F26291E9BC1F15BF8473535F678220BE4F90FA87385A1F9BE63ED7A666A142FC0BC5D1DC520EEB449C5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3315
                                                                                                  Entropy (8bit):4.790674071189243
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:M55H6E+iCsAaKj7fOWIkFy9LixvGmQqJFbtyz6f9JfDZFt:U5CB7fdpFOpqvpy2jZz
                                                                                                  MD5:E46181340B2D9E90775F686AFFF9C2AE
                                                                                                  SHA1:73BAC5091904762063E7D9AB1DFA1D49C3570A5E
                                                                                                  SHA-256:4248D6703D05D41480FFAF12ABEFC63F020B204221684D73D64957ADDC3A8B4F
                                                                                                  SHA-512:34CE77D44809A969247B76DB66F03EAA20FC9B94413B2E49FF9647B7E2841F32B1B271197E510B73FB45BC22F4EA70EDE14D6E8F5C4F24C93A800D8D58526442
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2018 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3885
                                                                                                  Entropy (8bit):4.951612981046042
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpF+DsV7p82+ij+spJOP8u+spk0OPO:nd0Bhpsa7pQiispkP81spklPO
                                                                                                  MD5:10E28FBB58B8A780C527A32A59114312
                                                                                                  SHA1:EB9CC1B8847B3AE2882926429014B1B257E87C1E
                                                                                                  SHA-256:09C499DE9CB6DF74464FD5A66C9A58AF16E34FFDE3E0C67AC12D0E0C81ACFAD6
                                                                                                  SHA-512:F6571C71E912B1850CD6F2211030AF6D9BC96CD32A5AB6D5801EA8FF0ECA679AF72620060A5F22A6D44EE3116013FA20346A4003A00AC1357957E14A9A067611
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3887
                                                                                                  Entropy (8bit):4.773238807520014
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGLDLpQ3vpoMCZ8kXx2MXfUbK/Ec:nd0BhpAv2JExxvvAc
                                                                                                  MD5:C8A4636D811A78B52E3A333EF90AA494
                                                                                                  SHA1:B1A3AA6D7250ED974AC7B21DF7598F6919A6D5AA
                                                                                                  SHA-256:B19EB0EC5894590163F09F7B66A236CB30EA2C63E3E79846EABC4029A3792F13
                                                                                                  SHA-512:520272046579D975FB9E32DDC330DB698CDF099214D7B95F9B6ACFE03AABB9D05E39501464076AB08827E68248A32AEF4F2220F460E5F5A62AFE5C653875B8AA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2830
                                                                                                  Entropy (8bit):4.839139747866962
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDdQ3JFw0IJeSaVzdSw4:nd5CB7fdpF+D23v5I3aG
                                                                                                  MD5:55A2CB6F3D43441A3AB4D20CCCD8BC27
                                                                                                  SHA1:BE8DB5E36F2333E68976D0A655DB9C047131A7DA
                                                                                                  SHA-256:DF48A6406527FD52342CBD00D50D4F749D023086A01814EA8FC6C550A2FC53E3
                                                                                                  SHA-512:FA05783EDBB4174458FFE860EA3F93740B386CA1BA48309BFA551A410D7267949D0AB652FA78B5DF9B32889A31A67C4A87D6B5FF031DE0A80958E68B62E76F3B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3612
                                                                                                  Entropy (8bit):4.796786231360721
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OGDgGpg9Q3JFbtoMJA0J4ZWfsu8kE0xeskxgzMCs:nd5CB7fdpFQDLpr3vpoMFLfsu4gWgxs
                                                                                                  MD5:EC5BF32BB60EDCDB2F1C1D07F05E1CDA
                                                                                                  SHA1:D9CC82E6832EA93A2B87A136FF42463CDB27C14A
                                                                                                  SHA-256:E65C894AE653242836BED8789B72E8A208A8D743F840A73E9B6BDDEDEDD11A31
                                                                                                  SHA-512:F0D92BDCFD28CB0FA467F7FE8AF53F96022DF55B5AE81F12666742D3E46B421A443A953D57C3E7CE40E43AE6928E3076CDA14CE86B3465BA01B85217930F2538
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4104
                                                                                                  Entropy (8bit):4.794699611379986
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGLDLpu3vpoMxZ+SickXx2MXi6:nd0BhpAv8Jv+5xvN
                                                                                                  MD5:8760D7638C811958C997AC97746FDC96
                                                                                                  SHA1:CB5D0324B0E2CF7C90C745F667102EB2B14722DE
                                                                                                  SHA-256:C897DD480D12643F24A357B1969B78B91DA6B7E8A950DF2092856010AB8A8E07
                                                                                                  SHA-512:56CF699B98F0EA9C97740CD5FC7770FEFBE90BA9A801FED5CEA855FED8C3EA53207FF45028FF2220D8EA1553FBF797ADFAD01AAC46D422EB9E82781DC7B880F6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3330
                                                                                                  Entropy (8bit):4.752119040809457
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OGDgGp5Qq7rgI67BA/X//bXv6VZy/Gly6Ra:nd5CB7fdpFQDLp5/7ULEXbCVo/mFa
                                                                                                  MD5:2EC9174D585AA4F418A831EDB97C0B9C
                                                                                                  SHA1:E2C3ECBE6E7BC4FFA8DD5CEF3767BA3438F76C3E
                                                                                                  SHA-256:F01406646BB316E79AFCF276DDC59BC70BA46DE58562B1173A6ADF33728DC7F4
                                                                                                  SHA-512:00D834A26C0506C183E37A5ED077067684B63BFCE40D3662596C6E31F19B6CF3E3C743B575C3D6A764C1D8B925C9B65055838618842F6BF345CE48411EBE4FFB
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3437
                                                                                                  Entropy (8bit):4.785298813653595
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGpmQ3JFw0cwlc8L8Nd2JB54xocy5y6Rsf:nd5CB7fdpF+DLpp3v5cNz2r5ws5Fsf
                                                                                                  MD5:E0C9C5E2BFC89B835932400D5F5FC80F
                                                                                                  SHA1:063643A8DEF7A64BFACB373F2B1E6EA9291F3EEF
                                                                                                  SHA-256:DF91849DA352EB0A6FA50AD30188014BC8EE8927676EF2108B7DDF55A3BA97B8
                                                                                                  SHA-512:93E21896F9F31F2E02D7B36E7C52AF63862C6E62422591250219F3A680527B42FEF4D107A89DC33D33E919F40188982AFC88346864E054FAC5331C2CFD3CABDD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3208
                                                                                                  Entropy (8bit):4.826535254116028
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGp5Q3JFbt+kXxOqgb:nd5CB7fdpFGLDLpS3vp+kXxOqw
                                                                                                  MD5:22F5EF66ACA2F5F123545E57DA4B9995
                                                                                                  SHA1:E27C692FDC8EC203F3A331481166237A6E15BF27
                                                                                                  SHA-256:6D87E0C63D2A080B7C6728A3E3DFBF8F792032034EA770710202592F1BD532B1
                                                                                                  SHA-512:3627C4ADCE5B6EF2EE4E62280C4394026273DC745301BE6AD463CEB4FB13B0B71EA76BFE4C1121FCF81BCA1044CEBC5C302983541E1227F456823BD6B1274963
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3727
                                                                                                  Entropy (8bit):4.830699947184764
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGp4Q3JgZLzAjPERh1FjygPi/PCdWFob:nd5CB7fdpFGLDLpr3ONmPMndWa
                                                                                                  MD5:07D5EB3B82FE60F2E43ACD5D2C11C147
                                                                                                  SHA1:73CFA3E99F861EBFC64751BF43535661BBB898FE
                                                                                                  SHA-256:CD31510A2D8460FC131E5A94D753D0B923F50626E575131DEC9C94CB7EE540C6
                                                                                                  SHA-512:2B169294E7F9F281E51BA6254AD43398E0DF5E1586C4B520B432AD3045A0041D8D8316E3C3AC4432D094438C44A95380BA81E56D33460CA64A9E9CE5DCEAE027
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3820
                                                                                                  Entropy (8bit):4.8410761106012945
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGpzQ3Tw/nP0p9PERh1SijygPi/PCk1pM:nd5CB7fdpFGLDLp83TcszP0nknI/
                                                                                                  MD5:81914053CF4C8B51173BCFDAB127BE2E
                                                                                                  SHA1:1222B9204AC958072ECAA1E28F7D80C987B71685
                                                                                                  SHA-256:09A990D8A73091DA451FE46D518175A4D794B9E955FF45920D0E9D8F4063458E
                                                                                                  SHA-512:35F16E4E063FBBA6A54844E387DBA874B65AB9BBB8BC9E5F281F43F397F85D915090B3A186C68916B172CE0D4FD040EFD65F4E70A9E9500843822901E17ED55E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2656
                                                                                                  Entropy (8bit):4.830282251562865
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDgGpVQhJFw0myjy5y6Rsf:nd5CB7fdpF+DLpOhv5H25Fsf
                                                                                                  MD5:CECCF52B0AEC6FBB914633703AF7A1FA
                                                                                                  SHA1:299363C51B8BB0898E3300A8A5451F3CA85BDA04
                                                                                                  SHA-256:69EF1C4BF0329EB9FE2E6DDEC7E584A3E38430250CA3D9EDCC38181D6E44E636
                                                                                                  SHA-512:8C1968A391708A7F9726D058C831C930D83C613BD33764BE1B6F759ACAB536090F42D2996F1CEC063210A24C794D8F3DEE7D1A2AB8B4D9700EDD9D4F0CD4B49D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3602
                                                                                                  Entropy (8bit):4.812649874502562
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgGDgGpAQ3JFbtBkXxSWrj7cMb:nd5CB7fdpFGLDLpT3vpBkXxSWTcc
                                                                                                  MD5:42B68708A8B18C126569C42844D844CA
                                                                                                  SHA1:E1DB4E42E6609532AC4731A8CB66866229C85FE2
                                                                                                  SHA-256:8D3AFD8D199595659F42212168ABCF55B7D1AC212A6616573BC083F73CCA1B21
                                                                                                  SHA-512:F48C3575E793E631915BC719FEFFDAD673517AFDD9EBDE93168DF4E4B7306A5C3ECD5669572CAA1A091A044503EE0E3537314AFB65C41FC613EA023EC7E03344
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2489
                                                                                                  Entropy (8bit):4.847822761591629
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDDDQ3JFbtM0QHb:nd5CB7fdpF+Dw3vpvQ7
                                                                                                  MD5:AF500ECFBBD1A4792B16FA5C373D9FA4
                                                                                                  SHA1:7FB693155D9DE76B81BC5505BA33A91A7F5F0A36
                                                                                                  SHA-256:595E7895E532F29F9CA2DA32501522B8C8360664238DC82C7793C73AEBCC3D1F
                                                                                                  SHA-512:10E9227C90ED7CD4D52C5D5CA196F1D28F59736A874988FFB46A7BBB18640D6176C33E19E86B00AA8651E877484450E64733EDF6830940F347871FBB57312292
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3206
                                                                                                  Entropy (8bit):4.885163038662627
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9GDlQ3o/JFw0jYWspetiF8ebpt:nd5CB7fdpF+De32v5jY/ppF8ebb
                                                                                                  MD5:CB7A270AC99A4F764986C3731EC6A906
                                                                                                  SHA1:AA9245F722DB3C96084E42F4AB3515D79E0ECC93
                                                                                                  SHA-256:6085F068214BFB06C453F1B671576AC585072A02638D871E212B7FFCBFCEB3E2
                                                                                                  SHA-512:14AC48489D020D7DC406499A4192372D2D344537A9252860DC914D70CE3D85E7476BD4FD6220E6CD335F9AE644B05018F3A6DAEC7E13E1DA896D1BDEC7321F97
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3317
                                                                                                  Entropy (8bit):4.826698729490084
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg9GDtQ3JFI4CtfXKeGlZusHPwLA:nd5CB7fdpF01DG3vIvyrwE
                                                                                                  MD5:2D0F59B773A845F7F6105A2E6A6CA9AA
                                                                                                  SHA1:686126D568A0B636F4652EB820B6F94433575BCB
                                                                                                  SHA-256:1EF694FF3D76110423D945F9ED5948BA86587DBD130BBB953C1B88F3F7C08729
                                                                                                  SHA-512:06648257FAD90471945F4D56A47C1A0D93E65E1DF957A6A817B91D569CBE4A9EFA7826CECE30202EEF4E9BAE91AC2A8A55BDCA6EBBC2179A8C17C248862D5AED
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2965
                                                                                                  Entropy (8bit):4.806250208072157
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:M25H6E+iCsAaKj7fOWIkFy9lv8GXG3Q3rNqYJfykFbbUWlNzx:L5CB7fdpFgWg3BqY8QbdV
                                                                                                  MD5:67CC5584067185FD2979461ED17C75E3
                                                                                                  SHA1:0824D45DAC32996C1F4ABC9294D5E77A8BEDBFC6
                                                                                                  SHA-256:B58DEADECF19234D92FCC035C0B773271B4CFDCCF24CD06E300F7C81903CA433
                                                                                                  SHA-512:C96E7782C9033D28279F5572AEB4910420A52CB72D6DC3D017C240FF50205B6D94D1C8FEFE9065E2F80644E9E38E1B37B5F7D76C0D1951E58D341FC16556B5C4
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19745
                                                                                                  Entropy (8bit):4.398954459962296
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:0OEsWJxl7IC1CoZT5zkTmOG8pHBhk99bry4:0OEsWJxl7ICMoZT5zkTmOG8pHBhArj
                                                                                                  MD5:9DF4F4EC635616DEBA44BECF1D4B1289
                                                                                                  SHA1:550EAD9AF422A5CCABB4EBACDD53A23F3A4FFC39
                                                                                                  SHA-256:65CEA887FC78F250BAC61E4E4B6BC9F21C9443F74CA16C6461B808574C5BFD98
                                                                                                  SHA-512:92107583FC0A94EC5F6665100036099293B02995BA32384DE61BE1172B1E51F75D7644DD4B262627A7B00B58B9D0D19F6067292BE259285F56D77F0EB1A4AE40
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable -dependencies dependencies.json QtQuick.Controls.Material 2.15'....Module {.. dependencies: ["QtQuick.Controls 2.0"].. Component { name: "QQuickAttachedObject"; prototype: "QObject" }.. Component {.. name: "QQuickItem".. defaultProperty: "data".. prototype: "QObject".. Enum {.. name: "Flags".. values: {.. "ItemClipsChildrenToShape": 1,.. "ItemAcceptsInputMethod": 2,.. "ItemIsFocusScope": 4,.. "ItemHasContents": 8,.. "ItemAcceptsDrops": 16.. }.. }.. Enum {.. name: "TransformOrigin".. values: {.. "TopLeft": 0,.. "Top": 1,.. "TopRight": 2,..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):155
                                                                                                  Entropy (8bit):4.5598280105456475
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:3BV9NKfNDyVMURCNajJW4whvyWmopCxKD4yMg2cakyxRS9NKSvn:xVfONDGMUj1tw58oI04oG5Cfpvn
                                                                                                  MD5:087236C6EB9A82D9BB57278A08D5D039
                                                                                                  SHA1:B31AC662CE411E2DE7F87973B1A213E3AC620D0C
                                                                                                  SHA-256:BD78A9455635EAC335F2FD294323939B70B5906DC3C26C83441920413157E533
                                                                                                  SHA-512:705FE9B9C21E525E83E66C2594EABF01D42EFE66D7F44CF61A0C8539D7FDE08D75DF5C83E056F49100C901E2073BB9DCAC0457214D5DF32C7FED815F1C0ED9DE
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Controls.Material..plugin qtquickcontrols2materialstyleplugin..classname QtQuickControls2MaterialStylePlugin..depends QtQuick.Controls 2.5..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):739448
                                                                                                  Entropy (8bit):4.749095212751871
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:Nk1MlswuWxuj0pxpCappphpVphp/pnp/pNp6pQpQpxpVpApB3p/p4pWpcpgpCpoS:sMlswFu40
                                                                                                  MD5:0BAA51AF9D9043FB2A828701ED22F766
                                                                                                  SHA1:0422B4EA84C835F0ED61D36A50A1ABFF0CAAC77B
                                                                                                  SHA-256:82D59479D246983522DF9FFAFCABBF8AD4EA8A96DEA8FFBD3927193F4550E7C8
                                                                                                  SHA-512:9CF78D51FD051FC95620F347D2392EB466F6CE5363BB988F461BCC3AF694BE4FD24C69B399984CC327A414F5A57DD124F0A9E265337F131F540D2CCB89C6121A
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(i[.l.5.l.5.l.5.ep..j.5..e4.n.5.7`4.n.5..e0...5..e1.f.5..e6.n.5..f4.a.5.l.4.F.5..f0.+.5..f5.m.5..f..m.5..f7.m.5.Richl.5.................PE..L...Ir.^...........!................................................................V.....@.................................p........p..x............2..x...........0...T...................,...........@............................................text............................... ..`.rdata...C.......D..................@..@.data...L/...0......................@....qtmetad.....`......................@..P.rsrc...x....p......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3132
                                                                                                  Entropy (8bit):4.814273270880492
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg915Q3JFw0cw/NtPCccswXO:nd5CB7fdpF0US3v5l/vCccW
                                                                                                  MD5:C17D3D7BFB6888203D88C2C8E5391B7B
                                                                                                  SHA1:9A3F9E3E37F513AE66BA4B6C012B2B7FA3906890
                                                                                                  SHA-256:071F5C638437BBCB3C6992FFA69F4A459F148D060C342F1D0F5E6C122201E743
                                                                                                  SHA-512:707414AA1ECA3B3B8C4CBAF1E39632FE495E60BC9E8D602AEE89A7289F71EB81466E7E1411A929AB50BB924636820109EF2801EB92D2A790CBE8C1A4A7DCF988
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2515
                                                                                                  Entropy (8bit):4.821005781824648
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhuQ3JFw07mX5:nd5CB7fdpFGx3v57q
                                                                                                  MD5:D71025F7D7E9ED4129595A7A0168BC8D
                                                                                                  SHA1:A2EF2D3D093BE18BE7FBC220EE742477C1326222
                                                                                                  SHA-256:E84583C39B610DBC2E89B9D284E6850D4DC80FD7C2151BA3A55D4BEA9926262A
                                                                                                  SHA-512:09BEE1B070EC4B7CF3235F65FD4294816778D3BD263C6CD3EC42A6C31A33ECC5A2B4CAB6A7D03DB276AA6D7110DC2D304B2460205B064C1399E4442E948469D2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2994
                                                                                                  Entropy (8bit):4.804111096356225
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhBQ3JFbtoMokXxtwwX68:nd5CB7fdpFGa3vpoMokXxtz
                                                                                                  MD5:8ECD638D4ED2FF8B1803D1D5196C1556
                                                                                                  SHA1:5595E12AD1A6FCED601F2A2F4D0FF911F8F0FE58
                                                                                                  SHA-256:25267737CF4A0430631BC80B509647B605B903D9C2BB39A7D0FA05DF3939F5B2
                                                                                                  SHA-512:D81E449DDAD983AB9B89B4C5F8B28A7713D7FA511C0FE23A917E87E4F62992B49D3E24B0C14C50B3E392E6F974ED92B0DD08316752D4DF18EBB86E6982D4113E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4379
                                                                                                  Entropy (8bit):4.80556368692418
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgFQ3JFbtoM9Zxe/xecakXxntM44QY4jX8swX/:nd5CB7fdpF0X3vpoMtQskXxKLyM3
                                                                                                  MD5:B05869D66C6D02AEA7FEB9CA883D8946
                                                                                                  SHA1:8ECA11E561E4C52DA3D3E6C8EC32A8D640382E30
                                                                                                  SHA-256:2AD146A44A773E8105BBA1A9A1A2552D4F64C0990C7EC48E3A98D59044398BC4
                                                                                                  SHA-512:C55D6326A1E0C68D36DA8272C3BFDB5B1060088617E78BD76B4257C71DF02EE3C4C927268E5FBBD46740FC68BE41C3A95B50E1B4B77048581C2D679470636D12
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2442
                                                                                                  Entropy (8bit):4.839225593423535
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg5DQ3JFbtrjyA:nd5CB7fdpF0V3vpP/
                                                                                                  MD5:B5F15E86F80B2304F2AE672FADB3EE96
                                                                                                  SHA1:76A5C6EF45C9A05B5EBA7A7907588D69462181B8
                                                                                                  SHA-256:58A848C945814A0E233E775DC308F719FAB3790026687790D66B7974408C5F6C
                                                                                                  SHA-512:9D4B8B45B03D2B41AA44A256BB2A02BC993988E8FF4C52128895C27EACAB1E16A0FACB519132578EEA67395ECA27F2473D8C4A46BF1AD4814C56C91D04E27B50
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2604
                                                                                                  Entropy (8bit):4.774696392771712
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgOQ3JFm0QuLYupz:nd5CB7fdpF083vn3L/pz
                                                                                                  MD5:761015C43D3CB38D4A0E8A0694CA39F3
                                                                                                  SHA1:245BB0B79F994960BBDDB609CD0D143B905EEEB9
                                                                                                  SHA-256:4D4AC1104FD58E70DF514B2AB5D46B037BA489CB96C64505A3D672ADA6CC9884
                                                                                                  SHA-512:E3B37BF9AFAEBDF05B9F4A47810FE0440560E521CFB91FF5B31B4723704339AC5533C04A7AE845760F4968AB53CFD0CD8E0C4597D41A1C31254812ED07C6F259
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2763
                                                                                                  Entropy (8bit):4.829470306877085
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg3DQ3JFbth60+FZZ:nd5CB7fdpF073vph60+Fz
                                                                                                  MD5:29A933813837994A869AE9839B1C3D26
                                                                                                  SHA1:C29B1149A39BCFD5194510A6679B01826C8C82CA
                                                                                                  SHA-256:43433AF6C1F53A570C8CFCFDCCDFA41D8806CBFC9F1BB962CA12EA46CF4C0A6D
                                                                                                  SHA-512:1266AEBD949CA874EF9CD01E834F005F80B70451D3F83AB0812CD7E5D3C2DC993E9620D4762983D8A29145112C737AD9E98BB2E6D59C2D1DA6A9AE4B74466472
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2331
                                                                                                  Entropy (8bit):4.838692827239353
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg/Q3JFw0F:nd5CB7fdpF0F3v5F
                                                                                                  MD5:D55630888288DE076EA18EE14D8CFF45
                                                                                                  SHA1:D598CDD2A146D976F577CE49885CE0FDB60462D2
                                                                                                  SHA-256:B01825029C2139A4ECF9BC1CE3C1379D19F4A3D7F8635BDBC0A9DBC28B13C2DA
                                                                                                  SHA-512:6C5C2D322F18385BB9706AED40921DD258E49E4B9B0DCED4C44D1097206118291F06FF4E4BAAACCB15101EE9ABF9BC90D70532856EEC9C404802350D05986A3B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2592
                                                                                                  Entropy (8bit):4.855929209866687
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhg1Q3JFw0S:nd5CB7fdpF093v5S
                                                                                                  MD5:D03D6CF824C899D2FF247CD0A474D986
                                                                                                  SHA1:DB54B862972C8D722C1DB47B3251975066B230AF
                                                                                                  SHA-256:75C32398761D16E0E875E26E9584EF67CFCD1A1F4F2938F3C86A57E17334CF2C
                                                                                                  SHA-512:065EB0674EB7BF0AA3C7CCC90E7FEDE654674B17E4074A9656C3B36CC37F6AB21C28CD30540360BDD7E497055F4D1C6A35E4874AD27F6B0DCD29C29D82DA0EF9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2735
                                                                                                  Entropy (8bit):4.8163289625337455
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhiQ3JFbt8zexozakWsfKOZ:nd5CB7fdpFGl3vpOeeza3OZ
                                                                                                  MD5:0BFA56149AFF7B45DED9F77C9CC85F6E
                                                                                                  SHA1:66CF64F0A9994224CF85C3080B59A93B28B2E6CC
                                                                                                  SHA-256:70000725A412BF884244F5E7A170A23BC2F4B96BE636C42F830067FA3F4FF728
                                                                                                  SHA-512:9FD5537CEE85B45106C8604BDE0528868B7357A11B02A8EFBCD63FEA8E8206620F3AF6D3D3CAEB33B6F80D4AD49F13FB97FFF3B1AAC76404FE2D891C6FA097D1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3713
                                                                                                  Entropy (8bit):4.773769607411336
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4169
                                                                                                  Entropy (8bit):4.758093410324449
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5005
                                                                                                  Entropy (8bit):4.758902637937423
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3633
                                                                                                  Entropy (8bit):4.778438090721813
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3211
                                                                                                  Entropy (8bit):4.8343887210632195
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2981
                                                                                                  Entropy (8bit):4.75619578796289
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2725
                                                                                                  Entropy (8bit):4.818398008330529
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3923
                                                                                                  Entropy (8bit):4.794707446109668
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5365
                                                                                                  Entropy (8bit):4.629971532594098
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2605
                                                                                                  Entropy (8bit):4.853125997394258
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2018 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2879
                                                                                                  Entropy (8bit):4.918905834543331
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3262
                                                                                                  Entropy (8bit):4.81695114339966
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgCQ3JFbtoMIkXx2M0PwXCrk:nd5CB7fdpF0C3vpoMIkXx2M0XI
                                                                                                  MD5:869738000F1E92572EAA2CD8A9BC2AAF
                                                                                                  SHA1:F531473E603BCB8DEB57DDC425CE2C03EFA47A7D
                                                                                                  SHA-256:D46804EE223180A03C18B4525D9BBEA14E8C4A559908CFFB6924BFD2340BB83F
                                                                                                  SHA-512:38DA3A172D40E99F4BAAA2876474FDF937A0400A4F1A3894E3F65C026D55D1BB2D211A36201F2D5092E490627F5E50BDFDB7D2D2854FCADEA99C58FF2C7F04AF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2821
                                                                                                  Entropy (8bit):4.8381484195048525
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OM8Q3JFw0IJeSaVzdSw4:nd5CB7fdpFu3v5I3aG
                                                                                                  MD5:CEBDA1281CE7EC8EA1D962680730C66C
                                                                                                  SHA1:965F242782FAE447EA9BA757E066132D1AC2B545
                                                                                                  SHA-256:790F1CF3FA94FD7C7ED4741121EB8DAEF603FCDF07A9C43D1B9B3B147CBAAF6A
                                                                                                  SHA-512:C0D666A10E5868B085CCA0AC5B7A0E0C6D93EC114EB5FDBE382FAB1284B8C50756A7373219F0A3150A3BBD201E595E6F17883A9D8983AA18C88E050E401E069A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3947
                                                                                                  Entropy (8bit):4.757657645064246
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhiQ3JFbtoMSqq0J4FsAlQo/iRJzT0xeskxJy:nd5CB7fdpFGl3vpoMSI81i/TgWo
                                                                                                  MD5:00631CFEE04C7AD041504DB617D36014
                                                                                                  SHA1:46921019213C2B2AC33965FB6763EFCDBE19E2C7
                                                                                                  SHA-256:D2696E10B1054C586A6264C20A4EA70920D947C2C03A1C0FB8EE1261978F701D
                                                                                                  SHA-512:26F25C312555483AE6F54462E3ED9DE5BBF1226FA9B231EDF5FA2956E3611671E3B5000844FF2F7F8032A8E1C83B3C4E7DBEC7DA22B6368445FB524BA33F17AA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4489
                                                                                                  Entropy (8bit):4.751534437214193
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGu3vpoMcC81i/sLqkXx2M0yZ:nd0Bhp3Jx81lxv1
                                                                                                  MD5:8C5871CE80D0FF65E57118453E21226A
                                                                                                  SHA1:15B39A26A689B373C5AF907B34C691BDFB0A67AF
                                                                                                  SHA-256:558C928F3C74474C829611AA29D54EED9C598E0213943FEE88A54692A81A7BDD
                                                                                                  SHA-512:E05DA99F8436E1CDB892E6AA5BB4183C53348D312E7BAC827FC07141C31B4143D24A6715D3D229B4346006A4F3E9EC8A00C973BE1AC3D54F6097705F173C7F85
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2773
                                                                                                  Entropy (8bit):4.839153998426681
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O1Q3JFw0cwlcZiSH59:nd5CB7fdpFA3v5cNIy
                                                                                                  MD5:A74E49BB19F90DF902A3EABD598A0A53
                                                                                                  SHA1:C43A49685D43F3425FFE4BB409C9BB0DBE640654
                                                                                                  SHA-256:54FA946D021F78B2E35B38F3769B036F5943259F86C28B4362E184FAFCB9AD01
                                                                                                  SHA-512:8D47E4A041CAF6D758049158F1874E98D1C5923E9DC5C8150219B47A4B3F3548F5CFCF88CB3A03CDBE9D0237A9DE9C2788F41935461BF8F5EFDF3BA8DB864626
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2987
                                                                                                  Entropy (8bit):4.798051662963486
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhggQ3JFbtZckXxNKXCXi:nd5CB7fdpF0Y3vp2kXxLy
                                                                                                  MD5:9C1CA9A17DA0491B998E87B62643E567
                                                                                                  SHA1:75D4FEB4CAEF7F61657B6127B13C18B6B88F3E4C
                                                                                                  SHA-256:777DC9EF7B8278285AF9844E0F465347D321D0F5B9425448E1891F78257A0085
                                                                                                  SHA-512:D3FC772CB97A5A9B91C5D4878913150EFBB6E3AA96CFD5D2E056F90D35A862465F4965F2F6C692C9267D772E784E8451669D6AB52C952E49AC4002DB0459CC81
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3313
                                                                                                  Entropy (8bit):4.81341500049657
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgPQ3JgZLzA9Uujygyi/5Ct:nd5CB7fdpF0p3ONsUu+t
                                                                                                  MD5:7522606A7EA70E450F859848C41FC134
                                                                                                  SHA1:130B6277CD65CBDDBEA007D22A9B40A7F3EAC14C
                                                                                                  SHA-256:F912C4DF59C22B53F85F0BF0C5C7BE178DFC66CE2C328C86598FD6C931ADC1A8
                                                                                                  SHA-512:7F205F9BE5189BE424E210AD461675C2A44C58A0DA1C1763A7FC4B141CBC10448172C4B59B3FF2A756CD8F9E860C28F010499256ADE1C392C3899AB198A4FBA6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3571
                                                                                                  Entropy (8bit):4.831582188655847
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhguQ3Tw/nP0p9Nj+jygyi/5CyswXZA:nd5CB7fdpF0G3TcszNi+yS
                                                                                                  MD5:1DA0C6339D4E766DF8F478C718CC19FF
                                                                                                  SHA1:C7A79E0772D9D97E86E614284638A89752EBF0B2
                                                                                                  SHA-256:8F792EBEA56C72FB291DFCA0DB0C5D93A1782924781008E355504F5F14AB59DB
                                                                                                  SHA-512:5A39FCD79913AB20D71D91FE400FFB535509E22993D3C6EB2B0B6BE32589FD61F4059FF16D35327377BB2E885FA4FCE7F3AD965A7CD13F684ADA7D1D25B579B2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2343
                                                                                                  Entropy (8bit):4.839387606601536
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgwQ3JFw0YX5:nd5CB7fdpF0s3v5g
                                                                                                  MD5:FB466EBB67A6A80E86D318EAEF23E359
                                                                                                  SHA1:C83442D520026EC261BD31479FA80F6FF3EBED01
                                                                                                  SHA-256:44EF02AD2FB1680D9C8F07E860F31F6559D317688211D6866A48A7D9F61779FC
                                                                                                  SHA-512:C46F838DAE07269BA496F38C1B1119C5A9F9BCEA9DCF9B975519AEC350209F827623C74A2412FCB66188A11BF9A5F57A5512720BC8AA41790419848E12234DAF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2998
                                                                                                  Entropy (8bit):4.8220367527818055
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgjQ3JFbtQkXx+ww3F2:nd5CB7fdpF0h3vpQkXx+L8
                                                                                                  MD5:EF218CB8A8AD482B657573BD7BF1D11E
                                                                                                  SHA1:0880EB6098F5E2FF13D5B4130CDD53CF10FBD0FC
                                                                                                  SHA-256:CFFA07A4B74ED396E974854782CA8AF88EA8938A99D6A4CF00808133FD609F0F
                                                                                                  SHA-512:2231A1AA47A497126AE67B89F76270C5EA2BAEFD4954BB90BB9D33B1DE6C4383678BB4CA9FA16969A057925B8F7F4204455920859CA2E814B75F32805E33C606
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2492
                                                                                                  Entropy (8bit):4.8422185369621795
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgmDQ3JFbtUiBuXA:nd5CB7fdpF0G3vpPIQ
                                                                                                  MD5:632F3D71CA4A76906A199FC0C6CA735E
                                                                                                  SHA1:AE225C531BA08EC3C7809093E3FCE347822916F9
                                                                                                  SHA-256:7CB420E0DDE01C0B43B97FB0068CFDC4B48802201583098F5ABF129D369FDDAE
                                                                                                  SHA-512:5C55398B8B5855D056E4F9AFCA4F687B2D8C4295F67E98AA2B029B99C94BA8A1D0BAD2E0768A7A3918E517CBA3589F89CDD48ECD10C38A3535E606CB761AF8F8
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2763
                                                                                                  Entropy (8bit):4.861346233395539
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgwQ3ohgJFw0JWO:nd5CB7fdpF0s3Fv5JB
                                                                                                  MD5:A43B5FCFA6BDE733516CD4250DE39BA6
                                                                                                  SHA1:40AB2E0C3EC63FE53EDF25100EE25AED14DC466C
                                                                                                  SHA-256:9ECD0A2492D7E7CC41300688497A7F9EF312164173C3BFA59D619C513C36A843
                                                                                                  SHA-512:E83780D602EC46E0A6E7D2BA65B3140F942625B2AB7098139FCEDACB829FD2C097B87F30DF61638C28A2BA1914F42C7B4630298BC237680F787BD9433FE4BA3A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3289
                                                                                                  Entropy (8bit):4.813708726729087
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OMhgwQ3JFI4Ctf9KuGlZusHPwLA:nd5CB7fdpF0E3vI1UrwE
                                                                                                  MD5:41B49164E4FEB96D77779D1430D3AF6D
                                                                                                  SHA1:5FC6ACC09EFDB6354F676772C06871BD6CDA04A9
                                                                                                  SHA-256:FA93702565F433661EC3CBF5B9A19A491F59FF92C6B3D45AE83C3FEF44FBA27E
                                                                                                  SHA-512:327F66898AFA927E722F0494CDC68D4424F6A11307E2D47FBB67FA7A12E22252262FAF15C1E68397A836CA5B9AABC68166092F5D56F234B226544126C3DDF6C7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2442
                                                                                                  Entropy (8bit):4.86493156112326
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OC9igaFk+BrvTd:nd5CB7fdpFxNF7d
                                                                                                  MD5:30922D0121AB46D783CE0BAB31858914
                                                                                                  SHA1:EA686E62CAA788CC849478521D6163F9F5FE7DDD
                                                                                                  SHA-256:EE81D32E871BFD35E69F8D16D3FBB532B048B118CD36E86800198939DA8AEC29
                                                                                                  SHA-512:23A191CA9AD0389DF183B12A1EFB54473975360EE0AC57C39CFF3D60CCAB8EB4119E69FA387CD80F3E0DBCF10EE5A833E8602ED4188488223DE6723B36E442C2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2614
                                                                                                  Entropy (8bit):4.866256211674586
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igaADQ3JFbtlSIryy:nd5CB7fdpF6Nv3vplX
                                                                                                  MD5:6AAC2170F96C64FC76DB9495FA8CC758
                                                                                                  SHA1:1C1BB6B6348DE7F5ACFECC70A33E5E4D9CE29DB7
                                                                                                  SHA-256:2BC48326FF3F96C9B45BDB9F40D58C4247F0A3FAED1B6162053E62900DB29681
                                                                                                  SHA-512:7B01D6C7DEBFEE278C3E1798F068F6E677473969188CF6AF88FF6BB94D1D70429970D285322CCC9B98B1C1C0CB47AFA82FFC7BEEEEF3A24D8B9F265751E29032
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3611
                                                                                                  Entropy (8bit):4.7680902199349715
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgiaQ3JFbtdCsuI/kXx5QwMyUbcAx:nd5CB7fdpFGn93vpXkXx5QQUbB
                                                                                                  MD5:11876909BD8C572FCF9C68D861D81741
                                                                                                  SHA1:344F99132458B884F2D194E24AA81A64D973C900
                                                                                                  SHA-256:0BAD423B02C2011707A175A5A0419012D76CB347564E2B755D1556332CFEEA5E
                                                                                                  SHA-512:429D31F52DD66D2FF6BA7AB0C57BB44FC49F98BCB1116278BFEA3428BFA0A321A48DBF294791590541E502B6C4DC31645F3CA80C4C364FAA1BD89E94EC5FE497
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3231
                                                                                                  Entropy (8bit):4.833735206635413
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iga6QQ3JFbtoMJ510J4i0xeskxICUlLQ:nd5CB7fdpF6N03vpoMYRgWpD
                                                                                                  MD5:1E7B9504E295508689B5970DC46D0BCF
                                                                                                  SHA1:165AF8EDCCC0BD2F1194B4C7ABC2AA01906CF23A
                                                                                                  SHA-256:5D949874D613C39F067E6C8AEDCED87C89041D812C82C8C9C99A940FBBBE6DD0
                                                                                                  SHA-512:E6E3129C374F0C2E52D2CA70F87B8109EBB949CE40B0F15125C92AC3CF77A419818543ECC3541ADBADD823A703B503481DC51794B7DCBC97EFBF5B4501742901
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4189
                                                                                                  Entropy (8bit):4.819183062317373
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGnNi3vpoM24SickXx2MIb+n:nd0BhpFJ245xvBn
                                                                                                  MD5:EA2A891E3ABA55F35659D09FF6234EB3
                                                                                                  SHA1:E6D71E1AF8A90B52C609395F55D3667C67EAFC63
                                                                                                  SHA-256:CCA48AD0B22E517AC4487713563498EF4C742773E9523667FB89EA16CE1F5384
                                                                                                  SHA-512:E46C4BDD6AA941751503D42484B1B55F5B96D6C907044E66A979633C0F632C925287B6147AD348379A13A0B3D2BCAB6A71D642B089B7F12D1AE3644CBF5E3488
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3964
                                                                                                  Entropy (8bit):4.847429026644494
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgifSv1aTHliQ1WQMaLb:nd5CB7fdpFGnfgoIQEu
                                                                                                  MD5:61CDD8891A294B6B2494E99C618867AA
                                                                                                  SHA1:2EFB0001159C56776B8990D4D8201AECF662C346
                                                                                                  SHA-256:D1A8C5BB4368D063188614F256104D10B51D0AD1932B3B12E7E5F5022BE718E1
                                                                                                  SHA-512:31D5D96F7FAFF791A61DBFFB58B61E9021B9B4A2CDD53C30BB367A3A940B4463675ACE7301B5317351BBEE763134E66A31DADD4E5F59BA46037FBE1BA6C1CFE5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7140
                                                                                                  Entropy (8bit):4.737901941968685
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFG3vpoMkhBW0UpMbYRzH/Yru94+q6JQ:nd0Bhp4Jk+lXhAuB8
                                                                                                  MD5:33ECF34EF4AB9B26E8185E8DFC4FB60C
                                                                                                  SHA1:BA125DBBB1E1DD74EC86B6DE46EDA9E17336F7CD
                                                                                                  SHA-256:A4831079B74D2F56B5346CDEE77527368E8F06B9B5968CB748F3109D7D2B50F7
                                                                                                  SHA-512:3781C6899A9433719C2A9AD7264BD05909AFA8EF1948424200870DC3266F0E9BDCC0A62E2C47E0E2C175FCDAD7E233A6A2668BEA9235E3044B4E2FCB02366661
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3597
                                                                                                  Entropy (8bit):4.76073627095022
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iNrQ3JFbtdCiwrE0TCEGlLLdvyAuKzbcAx:nd5CB7fdpF6NU3vpkr4vdaAdzbB
                                                                                                  MD5:B980189F05C5741173E22F64617CB55D
                                                                                                  SHA1:DECD107743FDC3EA0A3D6B7143FE5EAF2E32184D
                                                                                                  SHA-256:06AB47615A79986D559A5CB7FA39B6D54D12DBE67C4AEC1265345B30459AFB27
                                                                                                  SHA-512:B94A65E82A45CD2394C272405AA410020072C0992127E86AE2FEA37EF100C63BDA5AA40D2E72F24DF897FD54034588B166D8DFBCCBDD0EE32FDBC007C69ED4C8
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3648
                                                                                                  Entropy (8bit):4.790213481862165
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igQ3JFHCtLFPif51ca5f93ori52/9yiX3FJ:nd5CB7fdpF6z3vCB6f5V1si5G0inFJ
                                                                                                  MD5:F86A18F068D4B114D1430152FEFA2152
                                                                                                  SHA1:D585869C1E698B95EC300C979F23573C6693EA8D
                                                                                                  SHA-256:CA78F83176C643CAAC68AA49DDFE09302B5ACBBA09CAED32804925AFB356C0F5
                                                                                                  SHA-512:461843598BECFD9BE8196C3D84A9146733A47692AE1BB861DE378729DF25729C68426DCC53BAA79E4A97871D96C72E52C94AFB23A8F9590BA64470A16340C3B2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3544
                                                                                                  Entropy (8bit):4.780414940069658
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MiWQ3JFm0QuLYupDDaSERbLXz5/15Uxb:nd5CB7fdpFLZ3vn3L/p90jW
                                                                                                  MD5:983488B33F7B24FAEB8AD92D60CFF4D8
                                                                                                  SHA1:11B29462C0EAB1AA5C854AC5D491656DCB69DC49
                                                                                                  SHA-256:00740BC73B27262B9F14003A5C86854596F2606FD1F0E20941E007D6A64D678E
                                                                                                  SHA-512:B9DAF80DB07128859815814D5D48963BB0A055503D2C7EB7724C439FBCC699635363A4AC78FE531A8587836AB9F689CD5BB31CD39E3FA969CEBEBD8EF207F56A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3141
                                                                                                  Entropy (8bit):4.877469106235129
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9Mi3Q3JFQeGYtaC82GwRCwec8P:nd5CB7fdpFLg3vQeG0aC82G0CH9P
                                                                                                  MD5:A01F36E0280CE5B1C7B45F5BA6DF6432
                                                                                                  SHA1:B6CB5C6EB8ACB74E2F3280237E9E55FB6CE24028
                                                                                                  SHA-256:E64EE9833E08D9E2C50AB44889748890B82DFB759A4B4D02599A7EF915F991DC
                                                                                                  SHA-512:CC2DF4237ECB1A18B14C1EB52A07453D170475CB6AD56E95ED858F3FF27C8A82D600E63858CAC85DB6595940641C794EE0AED84FE5BD2F40A09316C357851954
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3272
                                                                                                  Entropy (8bit):4.855458889295017
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iPQBJFw0t/hnMRxWQyxb:nd5CB7fdpF6YBv5Zh
                                                                                                  MD5:F0FA93B831920358072547A9B83A20A8
                                                                                                  SHA1:EC661FF54B0E1294E1E68760B5254B01C673AE01
                                                                                                  SHA-256:27DB95473D7270B21036E7F7E5EEA66F63D606E134CD3C7A108DC398929670AD
                                                                                                  SHA-512:B051476CC81C3D802DE182F2869878A367809106C3F0F64973C08D2D240B331BD110CF65A200FA3A2CB8726D303C60C0DF310058E830BE0C9FFDA8CABE34A263
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2362
                                                                                                  Entropy (8bit):4.840196634832251
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iXQ3JFw0Cb:nd5CB7fdpF6A3v5C
                                                                                                  MD5:3CE69D346524C41D081C5471B672535F
                                                                                                  SHA1:A6394A4198094D8E468C422CE3807EB3DA578F3F
                                                                                                  SHA-256:7A4E835E35B97A4EE774042C45DBD1B1250D80141D351734243C2FD25F938EFF
                                                                                                  SHA-512:FFB40E1A4059EA9517E710B2239E33799A54768BA7F72C981DA58B707B2D685F8D37459C9F32369B9B2109C5BFBF9220FC3397FF70EA9C211F9C9912B943CBBE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3031
                                                                                                  Entropy (8bit):4.815424548202451
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iqQ3JFd0iva9WLCUlLjjxVb:nd5CB7fdpF6N3v6ivaIOKjn
                                                                                                  MD5:28FA3B9968FC0E1369E0EC0E6F3962F3
                                                                                                  SHA1:356A461F7A6F569A8B37FF8A1CA0D63616DB4A0A
                                                                                                  SHA-256:F795B3BE2A6D4A5885D54CC00A1ECE95EBC707A11DDFBAE20546CF46673D07B2
                                                                                                  SHA-512:3C30DBFEE33949D24B55184FB620F080A65069EE04B89958E4C04028C9526DE5FB6C5F97CAB7641CA66C4A43981A697C6FCB9F0ABB10E971E76FB1ACD7E54E25
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2999
                                                                                                  Entropy (8bit):4.823707297757387
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:M25H6E+iCsAaKj7fOWIkFy9lvx8cqQ399tqYVtXFbbUWlF:L5CB7fdpFY35qYBb1
                                                                                                  MD5:057253DD05394B9B0BA19E242A7C03A7
                                                                                                  SHA1:48C95205EA7D791680F624E93F220AA9D8A26498
                                                                                                  SHA-256:7359789F86AE8789F63ACF3566662275CEEA14CD2F973CF4E9724C13408D7073
                                                                                                  SHA-512:47A1D0E0BEBD6595F1BC07DA9417BEFF15F84EACF2EE3C3796447E341E3FC2005C269C20604802DCF16E5D0AE280EA53256125284ED122DE3A5A8C73888DCF8C
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3649
                                                                                                  Entropy (8bit):4.82315689006633
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9Mhgi+Q3JFbtoM2Lu8kXx2MDUb+n:nd5CB7fdpFGnB3vpoM2bkXx2MIb+n
                                                                                                  MD5:41D103DFD6FBCDE9575E4ECC41C7AF56
                                                                                                  SHA1:FE4453DCEC366E3895A1D59880B9A2079C4BA277
                                                                                                  SHA-256:2BBE9E32EA491CAA7BBCE03064CB3E9329D660A01E107CD6BE2AD62BD4778FE2
                                                                                                  SHA-512:0C83963D1B3D68C933A2C7DEE78E689EF4130ED6BD217E511D927AC7E2B045CFD58597708A97342D0C6A0C938EF5EAA471096B1617657975174CF50C3900B1A6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2013
                                                                                                  Entropy (8bit):4.823214903186843
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MCdbFTT3QXf8WYwid0szM6RqeRGNfj9TNZlOWIQNydOtQ+y9O9efFpdqQWyTQVNs:MCd5H6E+iCsAaKj7fOWIkFy9O9idqQ/1
                                                                                                  MD5:68118E5701B958BDB5ED8FA8CD5938D6
                                                                                                  SHA1:10CF3F2773B27BA97EAA4E9248FEE8E47C48652C
                                                                                                  SHA-256:CC3264DE0EF9416C869D7736EE50A30310E267D6EC890F3DE741E56A6D3608E1
                                                                                                  SHA-512:4BBE100386809F48671D50446059705A7C0B8D9ADE979ED0607627A5E79F78B69099648C6D8304CFCA96BE4088CDBA42A8F9225D11883979FAE368F1F3070851
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3188
                                                                                                  Entropy (8bit):4.817952074436946
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OM9ig15Q3JFw0cw/NtPCccswXnaSE8xb:nd5CB7fdpFvuS3v5l/vCcc1B
                                                                                                  MD5:BD84F0660D08F74C3F59CA06C3A720AB
                                                                                                  SHA1:3FD62D094C83A1B6515F19174AE3D430490BD510
                                                                                                  SHA-256:BA728FE4C754FCA8A6D9B1A08A114928FE28A0FEBF947DF3B9EEB46058ADD387
                                                                                                  SHA-512:96CD5D78461F1BE5A5A69E738DD16E4C34C6D6B5E6A87DAA57BDBF61E4939F51D36AD74128766DD3A9A30249409E62FBCA225AFEF63801F7284E4977BAAA6C7B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2568
                                                                                                  Entropy (8bit):4.835909043606398
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgiuQ3JFw07mX3b:nd5CB7fdpFGnx3v57G
                                                                                                  MD5:6505E480F2B9926D4D2C3E5FA891545A
                                                                                                  SHA1:0653562C21BC00F36A09BA5E624508DB7E822F44
                                                                                                  SHA-256:C76E6D27C2E549924D626F3035E50C6ACB5C80C1E27F6F2E563DC8B7AD07DC09
                                                                                                  SHA-512:7A3A7854A0C687FEFCA9B2BF28E02BD530E0DBE6900BE6F0D1572FB719F2A954D74D8CFF81ECCE86697A8A383D0889A33CF05A62E9C82DF59E2EF53E4CCA1ACC
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3579
                                                                                                  Entropy (8bit):4.788049528540249
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgiBQ3JFbtoMruLyZkXxp0ww5Pa:nd5CB7fdpFGna3vpoMRZkXxaFPa
                                                                                                  MD5:5156BFA9A79101C234B9104A3860ED35
                                                                                                  SHA1:C67A1E5141B65C476E0DC3C6B3210BA943C8EF71
                                                                                                  SHA-256:AC73F4E0DFBFB169BDD0EE604D3DA70A935C813262F49117E9D9EF7CEF9C460C
                                                                                                  SHA-512:A738FA57A38E929943BC740F3A0FBA0FD4A6D7316DEA6DA64C0F80235390DA9C0CE4F02FF238F56AEFF74F423B08F48CF1AC6052B8834D49CA743D0C0803CDC8
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5073
                                                                                                  Entropy (8bit):4.803398406819676
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGnJ3vpoMRPQskXxZyas4SRPa:nd0BhpuJRsxZlspZa
                                                                                                  MD5:E6B30F84CB41750DA47EB3EC0170E226
                                                                                                  SHA1:63CC56C19796A4482471B6C7A48863F6AD754B6F
                                                                                                  SHA-256:AD00BA11BEF803203B3B68D08C17D26B4848546847D3EDD7802D968A6ECC3723
                                                                                                  SHA-512:AB06AB8090F4B50BB18BFF91D08B3C3741818F4F511CDB1A7B6B4AF58BDB0782AABE3AAA9157B9BB9FB1D9C3B25C143B66E87A7D513BA3C7B5123BDA2C688762
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2533
                                                                                                  Entropy (8bit):4.846356002102557
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9icDQ3JFbtMu0b:nd5CB7fdpF6T3vpMF
                                                                                                  MD5:6B0C18B69818DE385FF38137747AF21B
                                                                                                  SHA1:DFCA99F3770E59D0338242859CB63D30DAF5DF8B
                                                                                                  SHA-256:BE42D1BC196BA6E2849C0B536F5B8B9532CF9A212B8838E88C431E3135F040CB
                                                                                                  SHA-512:E97817510C45709C990B9F2C75758658BDEEBE7CA88BFC47C2488B1975644E1FD60302997098061DA814EB53650217EB651C8B6E9C24FD1CDC01D48FB10DFA35
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2585
                                                                                                  Entropy (8bit):4.772316352792342
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9ilQ3JFm0QuLYup1:nd5CB7fdpF6e3vn3L/p1
                                                                                                  MD5:38CCA49F231D57566EFFA74E188DBFA8
                                                                                                  SHA1:AEBC934932605C2F6BF070DDFD38A766CF910E31
                                                                                                  SHA-256:54E4BE75E5355BE1FE22E0B16C51FB81F974AF9FCA4C487D78E4AC4AD391B214
                                                                                                  SHA-512:99F74FFE7F05FD29A2CC92542B6FD5D415CF373CF1CEED17FB2F33100AF75AF9099787A935504790F9E7F309AE59C1A55600D291F1BACF2DCA1C0D004FB377E7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2769
                                                                                                  Entropy (8bit):4.791992195558291
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9i6DQ3JFbto6qEOFZZ:nd5CB7fdpF6Z3vpo6Tgz
                                                                                                  MD5:D68B0EBE4F30F47A9FA2A8EBB8719044
                                                                                                  SHA1:9A068AD807DAFD0D7C093296849322C26DDA5AD0
                                                                                                  SHA-256:5B42D3E817DFFEF20F3328BBB73F89E11E52F32C5359DE999D898B09D7747FF6
                                                                                                  SHA-512:E98B2A9D14809DDB7F91378541A9467B04F630F4FD604CCE3FDE9C71D9A45608600F17D38CABFAD66D37D095D4A9708A3271CE9CD59E7B4D68060118326D3809
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2312
                                                                                                  Entropy (8bit):4.836628797705159
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iUQ3JFw0j:nd5CB7fdpF6H3v5j
                                                                                                  MD5:E2EB84D9C62821F21DCDD802F873CFE2
                                                                                                  SHA1:DB2959EFD8F76317AB662513F8083C61F68977A7
                                                                                                  SHA-256:09EACE0320CE3E20AD80D2FB3A9E7E6F1D42C0EB2F84C2EE569AF4345F1B28CB
                                                                                                  SHA-512:62A6CEAB8F7BEBF75DF99EA9FA8CD859A2D0B800E5CD3FD2F58AA2C8499CCEEC9EB856D50575BF67E9C44627BA2453ABB592B8DB0A1BAF2B43F05B0A13EFBCF2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2618
                                                                                                  Entropy (8bit):4.852512229773011
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iwQ3JFw0jaSE8xb:nd5CB7fdpF6D3v5ZB
                                                                                                  MD5:96811F768438E70DEB8BE62112EB8571
                                                                                                  SHA1:A9BF49AB45008EE53FA6A60061CEF11056E96F7F
                                                                                                  SHA-256:FCD0CCF5FB6E7B20FFB06E7AA4A0F49C18BB6A5C832A5E3B5D0F72EB8FC857E8
                                                                                                  SHA-512:ABD9ECD915221AA3FD1723D30C68C48BDA166ED0AE3E562367C9257B34481754EB7C8E07F6F3062BE8D234A065F97FA1035EA548419FD2A4628B389E826D8852
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2783
                                                                                                  Entropy (8bit):4.822722121007662
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igaiQ3JFbt8z2rozak8PjfcxfkPb:nd5CB7fdpF6Nl3vp220zanbAf+
                                                                                                  MD5:919BE776133310D6C9EFC17B64F7BF39
                                                                                                  SHA1:3038245521C3059E1A092C54F327F3EF8D023E62
                                                                                                  SHA-256:CABAD8F6559EF0A38D87A5C7BF8504C3448B8364FCBB8CA4810198D34E74FF94
                                                                                                  SHA-512:66D0907A356535CB14CBE7171EF87F24DD81F5472CDEAA63F8D44639F1C0DFD134B05A227814842E2D419C84EF0FFA59B1814DEEAB703F5D4389E946C9CF2DC6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3234
                                                                                                  Entropy (8bit):4.831819684485204
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igaFQ3JFbtoMJA10J4i0xeskxICUlLQ:nd5CB7fdpF6N+3vpoMNRgWpD
                                                                                                  MD5:47B37B8CAFC071F3782645DEE264A0F0
                                                                                                  SHA1:B7E8D3D5557BCA1095609CBB154F72E6123B2D7F
                                                                                                  SHA-256:D045CAC3BB3EB18F555C1BA2E18DB8D29F0BA0618E1C031E430D4E0FEB3225C4
                                                                                                  SHA-512:8F4C9D1FD7D5EDAC9463D1D6F2290DFD07DABAE1D91239F4391F9B94F559D6E43F891424C861E7BC135544FE32EE9FA01E4F73CFA443566DE94B2D593FA808BA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4189
                                                                                                  Entropy (8bit):4.818559974021103
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGnNt3vpoM2VSickXx2MIb+n:nd0BhpkJ2V5xvBn
                                                                                                  MD5:F04B8D57B0CF35179A39A63C3B498BF3
                                                                                                  SHA1:5B013B2BECDFC98DD6DED7BB61E75E03389EA954
                                                                                                  SHA-256:A8A0C6E167CA215BACCAD9E343D11A2F259909C88E3B1DC88ADC8B0629D5261B
                                                                                                  SHA-512:ACF92D3FFB610B78839A0A7302761734630286A702CA98AAB32132CCEAD81268AB1595D52D73627DCC5D0024A9372F4AD44C316D600E879032F5EC58734475AC
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3462
                                                                                                  Entropy (8bit):4.757964754620368
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9OifSiK3Iyrr8NL6uryAsLNb:nd5CB7fdpF4f2VrINz2As9
                                                                                                  MD5:4E23BD6C4A28E57D4314EEC0C105BEBC
                                                                                                  SHA1:5355E64D346609C314E6BC31991F920C72C5F160
                                                                                                  SHA-256:E44305CC55790361E327EE9A4E03231070848B9D606F854E6A43638310AB91BF
                                                                                                  SHA-512:161294AD1257FF277F72C328F4C75BB9B84518861B15C51FEA2490503D88F2DB965F9C46022B5BDAD30041283A4262D36B146359931A32523AEF7E132A091067
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5735
                                                                                                  Entropy (8bit):4.762434213586017
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpF6F3vqStm7KqO6oLF9PxJrF9i69xttQ:nd0BhpLSEGAox9jR95Q
                                                                                                  MD5:D0E7BD67863F9214FC91B2DD744F5C97
                                                                                                  SHA1:08F3738040BD9886598E6E513CE9CBCEA5E4674F
                                                                                                  SHA-256:C6EE80AA856F618C3FEB777EB96C329AE7B57D2C53D990BC34548B4CEAB68C98
                                                                                                  SHA-512:1EE5EE2BCEDCD5431CFCF48E6396A1D317E69C0635ABED0FF43F1724659D42C4F94CFDD0E9404BE50A82C2910CA29762FB43FD734E34065D7EF92922E4C501F5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3650
                                                                                                  Entropy (8bit):4.756460909764809
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgiCQ3JFbtBuI/kXx5gwMyUbMAx:nd5CB7fdpFGnF3vpdkXx5gQUbx
                                                                                                  MD5:6A1A1A3594F7FCFFCA535F343C265D07
                                                                                                  SHA1:A833CDCCE738182AC3F7ECF1D670BF51F7485E95
                                                                                                  SHA-256:4830165063CEA46830FE37DDEF5695A1372F3ADCE5B40CD97A17753904E3D091
                                                                                                  SHA-512:C068764410453E56A0B34CD4AE0EFEAE2CC1C20EC45E9A4EDBCC362545DC2AA305F14CB56078893D2FB8B3E9228FCE194604B76F4E080064A3E0E0E17A8C30FA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3798
                                                                                                  Entropy (8bit):4.833929967744693
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9isQ3JFbtbSQuWfEJBNvjiykDPxEXi4PxZ:nd5CB7fdpF6f3vpb1uxlKPai4Pb
                                                                                                  MD5:A3E3A50AB10788C00A13998D8B60084C
                                                                                                  SHA1:C27B825B3144D8C9659F604EB4C54610029CF775
                                                                                                  SHA-256:D3A2C52A2B4E31C545EABE98223ABB046A420B46FB933FFAC4785014D3BAF58D
                                                                                                  SHA-512:174A1C30FCBD50DB8261C38FEF4846D02DEA363BFE69EC2D1C42AA1E35086BA4F30191BF3706B92997D6907A93A89598A88D1D45EF850AD85853ABA525FCDDED
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3070
                                                                                                  Entropy (8bit):4.707917185138538
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9isDQ3JFbtSTBNxickzXE8aXH:nd5CB7fdpF6D3vpS1KzaX
                                                                                                  MD5:D80721F83A475CA172D3AB390278D683
                                                                                                  SHA1:E8E32AEAA1EA069BB01CFD814A2EE10BC9FFAE00
                                                                                                  SHA-256:31409DC791AB9690F9ACB1C5581C9EAA60187C12169A249030EC0A22D07ADD69
                                                                                                  SHA-512:989ABBAC2BAFC6853408D6566DE2E6B83D3FDB0F3BAD5D974A4C36E06E03B590C611C8E9610935E1DFFA285D20C426E4C140EF9B07E299371D43C6049A3EC157
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4658
                                                                                                  Entropy (8bit):4.799331765263338
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9ifQ3JFEITdd86EAwWKm6EAm2FLF9d6oAF9miwx:nd5CB7fdpF6o3vjZ2t6oLF9IXF9mi0
                                                                                                  MD5:A483F67E851CFE81A3BB3288E11D6D77
                                                                                                  SHA1:116ABD889A39EDF699A2C4B68CE6D4B88EBC003C
                                                                                                  SHA-256:4E25E9C7BF52800675D934BB24B5F2BBC7BEE91F0B139CAE6F934D453E354EA7
                                                                                                  SHA-512:DC7E84A05EC92731C78F807125D95314E73D535D9A0C114BFF6581C141CAD807B91C46AA4896CAC7E5F5580BA3B96FB0EBD48D57A378CADC0697151F6CFCCC96
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6648
                                                                                                  Entropy (8bit):4.72624143810639
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGnh63v5MRkq3JCjKB+bCSQOQ/ra:nd0BhpXhQCQWa+
                                                                                                  MD5:71AD2135502E88D66B0781143923CAC6
                                                                                                  SHA1:99EEF2C55E9F4A6171605656D28EB390094E1497
                                                                                                  SHA-256:44B096B4415E7CB19082F58086E0F5E1726694F206A4364872A3C360953D7052
                                                                                                  SHA-512:FA45DB83E3DDEFC981B4380657B0C5709BC345D859449BC264F1DE9FF789029D82912BD5C6F69D0392A9A98000FD428508139D064EE2C3F44F33ED134098F296
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2682
                                                                                                  Entropy (8bit):4.878133413550622
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:M55H6E+iCsAaKj7fOWIkFy9LixvRQqJFbtyz6t1:U5CB7fdpFiqvpy23
                                                                                                  MD5:3ACBE1D1CE8AB0CC2BD7823FDFA4A2FB
                                                                                                  SHA1:4BAAD0103B2EFDAEF9FB1C2B7FD742A2E9DFFD32
                                                                                                  SHA-256:B05DA2F982432D6BEE7604DD04E0E8FF5D5CD160E4156A71C27AB7F1D7FC619F
                                                                                                  SHA-512:E3EBACBE12013E6A690E6E9DAFEB09E43F276F1C9648CD125F8A68552B84CEEAE47ED727AD16603178B0F7477B03236AFC96E811CC33B206EE114C46FA350BE7
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2018 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3388
                                                                                                  Entropy (8bit):4.8990700467566635
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9ijQQLet9LGtDFLfCtP:nd5CB7fdpF6sQLet9LGtDFLfCtP
                                                                                                  MD5:0845F8209BAC4A8AD3409DBDA985AE6B
                                                                                                  SHA1:F143660B4B9FC3E107D798121A995038585ADBE2
                                                                                                  SHA-256:1FB2C1779F30B431D2BFF35948DB799AB409528F39742F2325BF5601E5EDB7EC
                                                                                                  SHA-512:01FD4E84AB2353936220F36F3A80A8A5323DD5D108F9F3985384B495CC9947A33875D2604ABD4406944FEFB1A8F0F3B43E9606DA25200F3D3BB13C506D5C85FF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3841
                                                                                                  Entropy (8bit):4.788731261366922
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhginQ3JFbtoM2LuJkXx2MCblE7OG:nd5CB7fdpFGnQ3vpoM2ukXx2MCbW7OG
                                                                                                  MD5:E2799AB66803065646838BF4B6059F9A
                                                                                                  SHA1:E2B4F672B00CEB5F9A87056DED3308755AAB1C81
                                                                                                  SHA-256:A1845B21F9FB5163E00DBE0C2EB6761930DC15CBD04D29C624FD0774849A81BE
                                                                                                  SHA-512:6BCE7B2B1CBE8F4BDE8A68A88725091ABC713A32566112598B5ED2418F8CEFAEA4B20E0BAA8CB154D0CA31B14B336AB5027775E5ECAD483944D8E8A62589ABC7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3230
                                                                                                  Entropy (8bit):4.8302682043142635
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igaiQ3JFbtoMwx10J4i0xeskxICUlLQ:nd5CB7fdpF6Nl3vpoM/RgWpD
                                                                                                  MD5:415BC326337D27F9C84C6AF2FE9534A0
                                                                                                  SHA1:906D3DCC493BA53667351492BFFFF80D88450884
                                                                                                  SHA-256:41D3A1564F0DF044A541CBCF96CCE0404C6909B198C18B5F7A6B079E766EDBCB
                                                                                                  SHA-512:61F8B564366EF1A123940BB529B606CBA093DB2C811BE4C2D141BECDACC1B7B1FB9AE00BB825B4CBAF6BA844F7C2B4746D041555DDB8547248E3528C7B4C33EF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4191
                                                                                                  Entropy (8bit):4.818843049822159
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFGnNu3vpoM2ASickXx2MIb+n:nd0Bhp3J2A5xvBn
                                                                                                  MD5:00A6BFFB5C8E7EF66140ECA140CF41FC
                                                                                                  SHA1:6112AFF0672F25CC5261189241E1856206687F11
                                                                                                  SHA-256:6183952A78E9513F90343244FF7FB94ED71FC24329533FBCF983F13A73805E0B
                                                                                                  SHA-512:B5360F9C7C4647EE00A5EE660F98E04DB5F6EF889BA6E689F40DA77B412EED93D9B8FF213DBC2E4EBA1CD1F1B8A173A3B2D47F67BE137E3F912DD6D3A52D8289
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3749
                                                                                                  Entropy (8bit):4.773499896099176
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9i5b76uiN73cfWyTnTY:nd5CB7fdpF65b7EM/jTY
                                                                                                  MD5:408ABDB483638C73F45F54B8DFB8750A
                                                                                                  SHA1:EBEBA2A6A99A038B96B2559679D42757E9DEC6CF
                                                                                                  SHA-256:B43EDACFBC91550236975CE77CE1EC7F0A611E4399C642284BBBC43419E24322
                                                                                                  SHA-512:421D68BD795D2958A72E2DF19F9173C83D6657EE256DEC1DBC9B84558AF55A46E0C4695DD43CB91BA797E59A86F09A0086E4AD9A387A26BD8695577785132356
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2859
                                                                                                  Entropy (8bit):4.856566390652683
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9imQ3JFw0mwlc0jisC:nd5CB7fdpF6p3v5mNHP
                                                                                                  MD5:92413583ABC598468E5A08F8743591EB
                                                                                                  SHA1:DE75EB1671C40C4D6C1076F227E9D67CE9553062
                                                                                                  SHA-256:2ED1060C8E0886E36EF63B9F3A401D75E97EF54C16F2A9F3B2DD8463D013A014
                                                                                                  SHA-512:F4E5799F9B6CB00C8CD516BD5F6762784910C9DA5858BA17AECD21D964E0BE0EEEA6C5679889567E6612D7A39852736D859176431B00981A88824F2B2699F885
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3082
                                                                                                  Entropy (8bit):4.806664956509386
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9Mhgi5Q3JFbtPumkXxL:nd5CB7fdpFGnS3vplkXxL
                                                                                                  MD5:F935656067114BEBE3FBB5E1B060CB36
                                                                                                  SHA1:316C55985EE466FD2CD2E6AB1EE7A99BD4B58EC8
                                                                                                  SHA-256:13C688005A1D38A943E4C971814067E388F5288F1EAF253244EE444E4456F967
                                                                                                  SHA-512:673BFE928F2EDF0F0F7B1504E1CCF6B52CE120F17029FFDCB923A57439DE05D97DD39D87A8EE7C73EDAA48175B6877A9C68F9A4F6DF8A34566F299BF24C70EEE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4336
                                                                                                  Entropy (8bit):4.801117075800774
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9Mhgi4Q3JgZLzA9Cd7ryljygyy/PCyQMYN6b:nd5CB7fdpFGnr3ONsyaluyQra
                                                                                                  MD5:1E396B6F1AE7085E3C629914AE18CD21
                                                                                                  SHA1:18039DD354BAE88FB0993F72BB1F4F61540BA30D
                                                                                                  SHA-256:541E88FA989E7D56961E7969645E4DA4004BAB7342D9BE5A53452C716B05381A
                                                                                                  SHA-512:D503732EE4CE3C9E72F3636D988B68A47DC33553B15F00EB87C49683A40F9F77F1346FBB30035585FC45389308BDDEA9EE24216550A34CA6134565F52A234E9B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4319
                                                                                                  Entropy (8bit):4.824043771387485
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgizQ3Tw/nP0p9Cd7rS+jygyy/PCyQMYN6b:nd5CB7fdpFGn83TcszyDuyQra
                                                                                                  MD5:9B0751751CBDC555F47E3286BBB77953
                                                                                                  SHA1:8CDFC51C00A7A8DAC5A636ACD0C409BC194CB337
                                                                                                  SHA-256:BC9BE32033EC2EF5C9FF140D7F21D12B293557DF6FD285CF467E7AD895D20E53
                                                                                                  SHA-512:2FA7A0DC1657F24081A34864A71041F5C4582D9B54A69601A0B9269A6DC0C45D84FD66A1FC62A37EC58BAECEF7D142CE970BBF42912970F1D93016352E034C65
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2359
                                                                                                  Entropy (8bit):4.849036051905213
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iVQ3JFw0nkH8Nb:nd5CB7fdpF6O3v5nbp
                                                                                                  MD5:AE20FD05FA8EB6037E6FEEED24254E4B
                                                                                                  SHA1:74D9C01353EA4B8A14FB93B16D1B2E7CB31BB4EE
                                                                                                  SHA-256:31519E86E9522627C42B95685226213CED9EC312997A00D5529847009E0E6789
                                                                                                  SHA-512:20275BE170D8B61383146C0CE15E0376736941178662D499AAA26EC97F58E8C488C6393A13F82BD15128DB32480363B4ED3C9096AF97FE7E4CAFF52163420F2F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3315
                                                                                                  Entropy (8bit):4.835599944070907
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9MhgiAQ3JFbt7uI/kXx5ykHYwrbix:nd5CB7fdpFGnT3vpfkXx5yNgbO
                                                                                                  MD5:77E3A69CA01C54E4424820D937D014DA
                                                                                                  SHA1:FF23A5190097D083DEDFB5F8215A3DCE8FB7699A
                                                                                                  SHA-256:EB353F7EFCB8C77E1ED23EA612FEC9F394D495D5DA4BE3A851CFF9B22072C239
                                                                                                  SHA-512:1DCF1DE5A7A70B0519BA0E6F1B8631BDF5D1BC168703454AF9D0365ECF05527F9B3156420D471DC59233E5ED5E15AB863B594FBE29768CD39A1A44503F90925C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2564
                                                                                                  Entropy (8bit):4.855878718510748
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9iDDQ3JFbtS6uSb:nd5CB7fdpF6w3vpSDS
                                                                                                  MD5:96D4B0987608270E92965C2FCB1246D6
                                                                                                  SHA1:0D889A38EB375B90F2DFAC4FCD41DC09F1FDA92B
                                                                                                  SHA-256:42FB514CD92C9C87A80EDE4BD648758CF54F74CC05D3338AB76326FBC4D09A1F
                                                                                                  SHA-512:39597673F408F531E4A6812A9E794D233A398206826B6B450C5E18977852AD35C548941D6671C56AD32EB7398A4863CF54A13B74CF90343A168A3EB3265F6A38
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2919
                                                                                                  Entropy (8bit):4.873465289167498
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9ilQ3owJFw0jWrOaFD:nd5CB7fdpF6e35v5jq
                                                                                                  MD5:6B7AFC1DB3A32DB1541023A199F64909
                                                                                                  SHA1:F80875DD56C24CF6EEE538C0AEC0171BF08BC28C
                                                                                                  SHA-256:8C3F4A1AD480B81934A91171C67D61651F39C87FDFFEF348045D492E6EAD32B6
                                                                                                  SHA-512:92024C59DDE029A5B4F1707F0310638CFC6E110E05E8A13A2623D0933FB7E2797326129B22F9171500E804E3EBBECC1B8D7BDD3737E5C3DFDFDEB143549CDB94
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3319
                                                                                                  Entropy (8bit):4.8279801671890015
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9O9igMhtQ3JFI4Ctf/KeGlZusHPwLA:nd5CB7fdpF6xG3vInyrwE
                                                                                                  MD5:2A009241245A2ECF132569C737FFEC1F
                                                                                                  SHA1:225D896E1FC4D7BE40B5E7C16AE7E6E8E095DF18
                                                                                                  SHA-256:3B17958A4ADDBD57365B0EE41ADD4F3F80F1CEB35C9E8FF1268E706B7AEE6AD9
                                                                                                  SHA-512:DE81361CB3C1C5713F2627CBD005AD38C1C543DA36716B6E27FE08A8C21FA8E7E2D68C94C991EFBFEFC0CBCF07C9EDCA604211F0D8543FD1E2EEDFFF6372FA2B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2996
                                                                                                  Entropy (8bit):4.822220527499383
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:M25H6E+iCsAaKj7fOWIkFy9lvx8cIQ3rNqYJaFbbUWlF:L5CB7fdpFG3BqY8b1
                                                                                                  MD5:B6908BB475283A82C04F52B8C3584B8A
                                                                                                  SHA1:9DE2170C912B514B5ED1F7EC697EC141799FDEFA
                                                                                                  SHA-256:FEBA09AC8F1B9CBDA59D0EAC4AB68446414C0720A6FEE19351FE1CA1A12612E0
                                                                                                  SHA-512:E9FAA144238C42A583435D5B69DD9D1FBBF6578E0B4229B1312995183B8F0261435605793BFF3B41BBA423CF390116CA275F7FCBEBEDDAF62FFC066572EC8C80
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13897
                                                                                                  Entropy (8bit):4.371650370083731
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:X+f/XO0eXiqegTmSc4EhouBsDTl6tlK9jFoY3D3yEbfbiseVpTHD3aIq9EgJLeJo:nEssKhFv
                                                                                                  MD5:1AD125081A90751A1B242718BC778618
                                                                                                  SHA1:28A24F7233FCBC29E7C4F3101E617610AC099756
                                                                                                  SHA-256:3422578EFD36D424686F0FEA58A6DB6E2BE606DEB4CA3584143ECD23D9399516
                                                                                                  SHA-512:680D8C1254335434960EDADA3760D65DBFCB94F0F1815FB7C432CE0E757A89329A2BB4D0C21D8E66ECC184DA737433B73ECC2CED12E8B2CD3261EE44717CEF6F
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable -dependencies dependencies.json QtQuick.Controls.Universal 2.15'....Module {.. dependencies: ["QtQuick.Controls 2.0"].. Component { name: "QQuickAttachedObject"; prototype: "QObject" }.. Component {.. name: "QQuickItem".. defaultProperty: "data".. prototype: "QObject".. Enum {.. name: "Flags".. values: {.. "ItemClipsChildrenToShape": 1,.. "ItemAcceptsInputMethod": 2,.. "ItemIsFocusScope": 4,.. "ItemHasContents": 8,.. "ItemAcceptsDrops": 16.. }.. }.. Enum {.. name: "TransformOrigin".. values: {.. "TopLeft": 0,.. "Top": 1,.. "TopRight": 2,..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):158
                                                                                                  Entropy (8bit):4.58971464637918
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:3BV9NKH4TAXDJoNMURCNC4MXWEJWiwhvyWmopCxKbbJ26akyxRS9NKSvn:xVfW4TAXVoNMU74MXWgWiw58oIst2J58
                                                                                                  MD5:62CA2AD26A8B534945019A03A4C386F8
                                                                                                  SHA1:FDD59AEF9ABE3682A09152FD8C0B5C7A7691E5FB
                                                                                                  SHA-256:1150344EDEB157FAA029A8D93A79B6C6D80E97B492D67F1AB636EFB156E7B19D
                                                                                                  SHA-512:04D4DFABC37079461913B845CE43CC6358E23CCF1A19AC97477143554179B05249C636584CB03CE2B5F5903E309D98E7C5CA3CA651FDBB369362ADA8393F4A3C
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Controls.Universal..plugin qtquickcontrols2universalstyleplugin..classname QtQuickControls2UniversalStylePlugin..depends QtQuick.Controls 2.5..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):601208
                                                                                                  Entropy (8bit):4.759077407408473
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:m2mN9upIp/pGp8pzpLpcpopGpxpYpLpupDpwpXp+pWpupBpIpipWpPpXp3p3pIpn:9mNDEh
                                                                                                  MD5:AF7D96D92E26CA7E757F787B1E6048AF
                                                                                                  SHA1:0F0B4A76EC2E35673941D637BE19A916BAD6210C
                                                                                                  SHA-256:C7257EC592AB07C1BF70F627A451284DAF7E630225107F0E1F95DAE2C7888463
                                                                                                  SHA-512:035168E1B829DE8DEC0A7649652FE643D26A871958A0D18090E998B0884CBD47BBD6BAC69B80212CD8BF002345657C7A98B7F225A96F104C220D22DD7CBADEDE
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2833
                                                                                                  Entropy (8bit):4.809421054317256
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:M25H6E+iCsAaKj7fOWIkFy9lvAQ3rNqYJ3FbbUWlF:L5CB7fdpFk3BqYvb1
                                                                                                  MD5:F5CD8AC746B6994ED71FF8301B42A56B
                                                                                                  SHA1:BA037B256EE49D9FC2C30BD11CCB8A01993A38B5
                                                                                                  SHA-256:1D4F3F1D0DBB8CAE0D392C2556889C9639A1A51B055E47BDAABEDBD33BD4A934
                                                                                                  SHA-512:6B465228D5918FC4A1EB093A0896ABFBD11A57ABD2641A6F89581B063E6537F5BEC2B33084F873871026526C39741A10CE11C0F52BE80B35257EC86F7BD27E75
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2020 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4189
                                                                                                  Entropy (8bit):4.590051340924354
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym0u7LZgzapSRSSP3+jg0cxca/edd3ExnAOY9:nd5CB7fdpFFC7La2u/+jg0Za/M3MnFY9
                                                                                                  MD5:A63F43FAE673A9B791CEC4ED6BBCFD3F
                                                                                                  SHA1:FB4E604269821F309AD5029C76027D1E0FD9B4EC
                                                                                                  SHA-256:8185529D14235068BCD043ADF55880DFE504CEA3387049EBEACC53DC6B050947
                                                                                                  SHA-512:DDD381FCD59BBEF6A90EE79F682264BB3C4E96977F7DF6AEC5A3E44E317FB97E6A5D91935E6C1D15C81A903A5B914CC374738CD2ACD98E2546CE11626821EA18
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2017 The Qt Company Ltd...** Contact: http://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls 2 module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL3$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see http://www.qt.io/terms-conditions. For further..** information use the contact form at http://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPLv3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2627
                                                                                                  Entropy (8bit):4.723364711234391
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuDIbtMjFLi:nd5CB7fdpFFFLuWtMjFLi
                                                                                                  MD5:36277E316A15296D604D0A82E0FBFB0E
                                                                                                  SHA1:7A2A8FF4A15037B945255612CBE461BD50E93F71
                                                                                                  SHA-256:A6F736C2713B08F6AAA5CB51019FBB393AC6C57B75EF5E4005D29EFF48A92A98
                                                                                                  SHA-512:3EAFE4467611E9FA4C89E950D77620FE4AB4801A657D8641C9E2E24C4696CD08681A8DC7952C2811FE09CE0C61EB73FCE7C2C7CDC41E3C063760D77976304E5F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3105
                                                                                                  Entropy (8bit):4.707682721934341
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym02AEBLJOYHtrDB39:nd5CB7fdpFF6AE0YNr939
                                                                                                  MD5:029323EE757A222E8DF48E7EBF04BD93
                                                                                                  SHA1:035A38F873407E253C4AF63A11497B8CCDF3D478
                                                                                                  SHA-256:1D571BABABB04CE5FE55B1D0F1DD362EACC304BDE7125DED0D218D9CE6DF03C4
                                                                                                  SHA-512:683E786555E4039963765306EC6BBCB319207452E912148E29FE1BA9FEA2282AF474B1ACA2366CF28F9412E8BA538BFCB8CA99314719297D0F969E12043DBF1D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2192
                                                                                                  Entropy (8bit):4.788553950637862
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lot5y3jFLi:nd5CB7fdpFFFLot5y3jFLi
                                                                                                  MD5:920C6A6B84D14E1995291B8177A1141C
                                                                                                  SHA1:C9AB88CC4C09EFBBBA25B63A70479D3159A837BE
                                                                                                  SHA-256:9CD02378488E8DDC891CBC1E7718BE197088A628D07100ED2D676B958F57B81E
                                                                                                  SHA-512:1FC8193CA7FBBFD005A4D8169535789086460F4F2272086FE44DA7C9E793F9E4B056A5F7D9BBB25BD818DC56A7FD96864F6EB8ABB244E5C27644FC8D9BA04C22
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2226
                                                                                                  Entropy (8bit):4.806035630450304
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LYsiqy3jFLi:nd5CB7fdpFFFLYsVy3jFLi
                                                                                                  MD5:E7BE5C88888A3B8CDD14788A9950EEAE
                                                                                                  SHA1:04AFEB4DA0CD3801F0F3266C442A51C9045A15BD
                                                                                                  SHA-256:39DC04660C2F4FC02971098B9E261A2F7123887C565F52582278DDB9B7771FBE
                                                                                                  SHA-512:2624E6D94F8A43CB9E59FA90CDD7BB221C0494E5D3EF1CC5006F09181A97713DD86A2C9688E956A9487280A5366867E423ED39A9B40FA6D51AAF03E271150014
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2296
                                                                                                  Entropy (8bit):4.795325715833799
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LYsW5y3jFLi:nd5CB7fdpFFFLYsW5y3jFLi
                                                                                                  MD5:F06ED234814DF3A8F4A2040A69CA258B
                                                                                                  SHA1:4913E605AFC2DD5C97276140CCC8581983F9AC57
                                                                                                  SHA-256:150FC7ADEAF4751CD91440C69E0D9671F141E5B4C439EF886DC863256241A898
                                                                                                  SHA-512:1161A17C7038F1527787FACE844D211226D70E16BDA1607E1F58F0C77E290184885E2DD209EE6C46F5DB9BCFEA6060E636115C702297EEF6D573DD47213F1625
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2661
                                                                                                  Entropy (8bit):4.738841008151935
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym0QoXrEub+HY5Yz9:nd5CB7fdpFF8uXq9
                                                                                                  MD5:0BA3D106DE56655688B8C59D7C1A1A16
                                                                                                  SHA1:919D19801E710EC9222DCC79C59AF36B1B81B0A0
                                                                                                  SHA-256:70A6DFF9A723B4E2F312ED48F5BA8E3EC7C64252FAF4DD565359294D26A89678
                                                                                                  SHA-512:FCE134B09BF86FAD943230B173547AC9A029E60B60E43FFF95DD5358C2D80424131A5F1029264DFEDE432E7BC0D84A8B23195E23E06109FCC527392BC97A7777
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4090
                                                                                                  Entropy (8bit):4.509515420842468
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuUE4DeaHjp2bU9ygOtrWp/LweMjFLi:nd5CB7fdpFFFLu6Dlj8bFgwrULDMjFLi
                                                                                                  MD5:CC5D05E0AE46BE8C3CD68C05B0D90A9C
                                                                                                  SHA1:CAC3FF7D53A5C59D60E58E2A6468A32B8BB435F6
                                                                                                  SHA-256:7B4A6BA8F165CEAD72123F9BC3EC1A52CACBABFC87066BF352CF2330AC54FA37
                                                                                                  SHA-512:BA61CADB7E22AC5C77DB201CBF71DC9F2A2FBCF47568DC4B54247A00F1B3109EE95839B80FACFA732568F7C142FE8007EF79B1D63E0697575FDA88D396851570
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2336
                                                                                                  Entropy (8bit):4.7901862758502345
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym0ZqHTJmr9:nd5CB7fdpFF8Tsr9
                                                                                                  MD5:9780B490F860F1A42730957553F0E005
                                                                                                  SHA1:E7E9F3F698B9E5D6693DEF15A4AD8C15CE6591F2
                                                                                                  SHA-256:FD19D8ED1D61F83D67FC363C2E28A76372CDD4D88CF9A90EBB2F74D5E5FD09A2
                                                                                                  SHA-512:69178CAC56FC5F7A407B87A0455506AC8F331903B36864AC085F02EF5E2349261F69EEFEE634EFFB0F3BA1E4A63139195A6B90F41D5DCC8CBEB725EB6CFB5B01
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3879
                                                                                                  Entropy (8bit):4.629906109492094
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym0IzBv3TsX2abpCx3beJYTqHTJea7BNW3wT9:nd5CB7fdpFFOvfkpM3beJTTMa7aM9
                                                                                                  MD5:AAC3BEB69F29E994CCBB7D2C5CE534E7
                                                                                                  SHA1:115B2613F5726127111AA9CC90EA81904803ACD3
                                                                                                  SHA-256:035B175029DA2D72694B2E7A0A6D13F63C73D6AEC9AB614F9C97FAC2A66CF53A
                                                                                                  SHA-512:D30E177EE91A1D336AC5FEC2AE345D8D3180BA8FEE0315C107750CDB5A06EFB9C28DC8C52AC652555530A71B77E148B0CDDD8D446FDE4C3EB5D729E4EC49190B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2066
                                                                                                  Entropy (8bit):4.797894120379283
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05L3jFLi:nd5CB7fdpFFFL3jFLi
                                                                                                  MD5:B450EBA19443A3DF0571977CEAF495D8
                                                                                                  SHA1:B35B0C22629222F33BDA33156C178AF505808906
                                                                                                  SHA-256:34F14E5B36DE01740DC8A7C571FF8CE65BCEB7FC4C26F906E10C08773B644AE6
                                                                                                  SHA-512:CD145A9FA4ECDDC55F133A64FD693EADF2CE3C22AF599585E9B0B350827AE9309F9345C79756DA2F0CA9230B62085863924B5AF4D9417DFBF5C30F124C3354DD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2736
                                                                                                  Entropy (8bit):4.684553443125928
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuhZNaH/NPwy3jFLi:nd5CB7fdpFFFLucBwy3jFLi
                                                                                                  MD5:CA6FBCA4034AB0C1FC8D58C50AA2E3CF
                                                                                                  SHA1:3F15AD98B82F88ED01656C1AA337492AF5A6A338
                                                                                                  SHA-256:CE45196E4B042826A80FE153EDC7ED6796D19915DDA1B91C82CDED33184E1204
                                                                                                  SHA-512:2CFA38A0E3939711A9024192C77FE1E087A368359945128B2DAE86D048A3746A7492E0B66171067C09B53F4640237791C2E99461066745918F0B14EA688A7820
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5553
                                                                                                  Entropy (8bit):4.313373780789749
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:nd5CB7fdpFFFLu/chFKjs0jj5Ujv9DuWj4Z6MjFLi:nd0BhpnphFTAq9Drj4Z6z
                                                                                                  MD5:5BE0C7FA4F12F0CD8E7BE7B30D6A4C31
                                                                                                  SHA1:D9CEDD7E15A42895388FF05C95ECB9C1EC2C8E39
                                                                                                  SHA-256:E393F05D340D5A3DEE3B1D72FA8D2436FE6A22C55F84E7033EFD41B12A2EFA00
                                                                                                  SHA-512:19FF325A2A1E38E69EB71F65147C6C07A580731B1D6F951B00888A1540343527B550C0AE9B1C95845F1C86054821E9271D7BFAD5642DBAEAE3371A3D0BB5C26C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2123
                                                                                                  Entropy (8bit):4.790296350072608
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LZy3jFLi:nd5CB7fdpFFFLZy3jFLi
                                                                                                  MD5:C24D49381CF8B3E6098FDA1C27527E56
                                                                                                  SHA1:4C78067E28C7FC742C52461585EDF9113483E5D0
                                                                                                  SHA-256:B3BA820FF86BF5EDE7116543342393AB2279C2DEB37C23CE3D240A1F114F16EF
                                                                                                  SHA-512:89022C8518525601024B6C63CA425FAE6F0010D1A167FF7EEF6B7526F6AC634C856811B43D18E0555821F1286895A44F1D7DBA6FC26AB58A50E15FE1FFF64308
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2579
                                                                                                  Entropy (8bit):4.710846092907281
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lu99My3jFLi:nd5CB7fdpFFFLuvMy3jFLi
                                                                                                  MD5:977771B918B7ECD33A6F9E5873372BBF
                                                                                                  SHA1:3B2C4E8CC47B061A566AFCFF3B7F59535D439275
                                                                                                  SHA-256:DEDBD77A8B002762B5A5AEB65E369CF7DAA9767FE68360D5F8654CC60562FD45
                                                                                                  SHA-512:148CD83B7C63E9ED80E598ED58B1EFD7F66A3BE562422B59EDE0E91043974F9D53FF0FE0EC61DF7B3BFEF439398ED618552016275A6326A9C9596B70DD1DE80E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2321
                                                                                                  Entropy (8bit):4.79619373368411
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym02AWB39:nd5CB7fdpFF6AC39
                                                                                                  MD5:A82851C44140F5CAF39AC21DBBC7AEB3
                                                                                                  SHA1:A3D673235E30071D0ED23BE75008D76F6BF6B399
                                                                                                  SHA-256:18DA14C91C710F8CFA69C676103D2621CD7E0FBA23C75BF640E1ED377EE8BA31
                                                                                                  SHA-512:55BDF1DA7EFA1879FFDE53FF2275026ED45B6CFF7FED8191143C15ACDB86AA0727FDD9B909035E420E66775D1EDA22463A31183AC9C527B35BE2D1D7D66063B2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2198
                                                                                                  Entropy (8bit):4.789736142433364
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lq5y3jFLi:nd5CB7fdpFFFLq5y3jFLi
                                                                                                  MD5:DF7E32B0E18BD35FA8453CB1263886B9
                                                                                                  SHA1:F4336C9380A7FBEE4DFBC17C545B409364F7F8B3
                                                                                                  SHA-256:8207C603C9DE51D9954302DD9DF559A1DF70E0A9658AF62637229B5A2437EEC3
                                                                                                  SHA-512:21D4E9B1D71C5EA9C7C66E5BACEAD5D4857AC109F7452D81C6D793F8843DD1D6F9194011E41259CDB9E3FAECC04675A1433A2DFCBF0B758FF97CBD068FD95732
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2765
                                                                                                  Entropy (8bit):4.763525400412589
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LQq7RHw0XTMwNBSXTMg9kaLi:nd5CB7fdpFFFLQq7RQgTMaUTMaLi
                                                                                                  MD5:694FAB78BEFDB14F35041554D48137A5
                                                                                                  SHA1:5B97BB7DECAD79665F84CF134EC095789E2BCE85
                                                                                                  SHA-256:96ADEC8E69C1F604606A94731F54F0596CD3CD9DABA606BEF7D9188D5C6BFDEC
                                                                                                  SHA-512:99A856097295ABED2DFB28ED8D9301B2ED9DBB8E6590B92E40CCC8C0AB25485EA27E6352CBF0F98C8C830888B6E7864A55442505E46C344E1B43D3BE9C6A2A41
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3681
                                                                                                  Entropy (8bit):4.600699886807315
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym0oAsTqHTJvdADYTqHTJl9ZTqHTJcqXOTqHTJPp:nd5CB7fdpFFdvTFCDTT394T2qJTVr9
                                                                                                  MD5:C430765B66BE6227979D4BFC4E13486A
                                                                                                  SHA1:294F8E24765F9766AEA812FFD033072629F1C6EA
                                                                                                  SHA-256:BED58EBA4585F280EFBD5869DC4730BDBC46863D392DBCBE6EE3241AF08609EC
                                                                                                  SHA-512:9663030B63C24B3A91A7E496FB4366BC183FFC2CC09AC956B873A5874231C15C988F773E8F799008152D1552553C67AF4D195959B7A6124048F61E90A81A9615
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3102
                                                                                                  Entropy (8bit):4.607400853139826
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuJ0aHjpAOaHjp2bMjFLi:nd5CB7fdpFFFLutjSVj8bMjFLi
                                                                                                  MD5:FD043C79B423BBC94EFD52C4BB1B36E1
                                                                                                  SHA1:F9A9715BA6880028CA0427507F8C2DF383B0B476
                                                                                                  SHA-256:0A069EE94955D20611B5B869F5DB9C96E98E1447E96C5C975021720183A5D61C
                                                                                                  SHA-512:BC4BDC6982F3F677BA84BA51B867D3A291C204A3ACBB5913B351574F5B59D5F3629014A22E51C01B6ACBA333CD0A9442A2AC714D21D24AD2B57A39915451A3BD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3512
                                                                                                  Entropy (8bit):4.536455819119471
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2819
                                                                                                  Entropy (8bit):4.72358971509432
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2123
                                                                                                  Entropy (8bit):4.790296350072608
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4195
                                                                                                  Entropy (8bit):4.466402741760662
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2133
                                                                                                  Entropy (8bit):4.795371325434706
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2198
                                                                                                  Entropy (8bit):4.789736142433364
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6246
                                                                                                  Entropy (8bit):4.292176098194881
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2737
                                                                                                  Entropy (8bit):4.704967927107907
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3195
                                                                                                  Entropy (8bit):4.6079588592166605
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5556
                                                                                                  Entropy (8bit):4.308086633594144
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4532
                                                                                                  Entropy (8bit):4.423438856397855
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2066
                                                                                                  Entropy (8bit):4.797894120379283
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05L3jFLi:nd5CB7fdpFFFL3jFLi
                                                                                                  MD5:B450EBA19443A3DF0571977CEAF495D8
                                                                                                  SHA1:B35B0C22629222F33BDA33156C178AF505808906
                                                                                                  SHA-256:34F14E5B36DE01740DC8A7C571FF8CE65BCEB7FC4C26F906E10C08773B644AE6
                                                                                                  SHA-512:CD145A9FA4ECDDC55F133A64FD693EADF2CE3C22AF599585E9B0B350827AE9309F9345C79756DA2F0CA9230B62085863924B5AF4D9417DFBF5C30F124C3354DD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2198
                                                                                                  Entropy (8bit):4.789736142433364
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lq5y3jFLi:nd5CB7fdpFFFLq5y3jFLi
                                                                                                  MD5:DF7E32B0E18BD35FA8453CB1263886B9
                                                                                                  SHA1:F4336C9380A7FBEE4DFBC17C545B409364F7F8B3
                                                                                                  SHA-256:8207C603C9DE51D9954302DD9DF559A1DF70E0A9658AF62637229B5A2437EEC3
                                                                                                  SHA-512:21D4E9B1D71C5EA9C7C66E5BACEAD5D4857AC109F7452D81C6D793F8843DD1D6F9194011E41259CDB9E3FAECC04675A1433A2DFCBF0B758FF97CBD068FD95732
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3100
                                                                                                  Entropy (8bit):4.6223226231291985
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuGguECBCZrLMt3jFLi:nd5CB7fdpFFFLu5/CEZvMt3jFLi
                                                                                                  MD5:A2DF382A28EE2A85E65D72E6706BE9DD
                                                                                                  SHA1:8835926DC5E4491BDB5812C55B669D1BDC596DEA
                                                                                                  SHA-256:F0D87BE641213B0FF890C2E4069E32681A874646F3965C9C6927D32DE78335D7
                                                                                                  SHA-512:67B19EE99E51858D59395816A7E2433E7B0F228633C75662CE71F1B315FEA9CFC048A6220F86E740759B8A47E81883C50C7B9E98F37D81A79C7DB764AA9DAB45
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2141
                                                                                                  Entropy (8bit):4.797308908670296
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lq5y3jLi:nd5CB7fdpFFFLq5y3jLi
                                                                                                  MD5:5740311FAD8393D3CD08CC7B64775779
                                                                                                  SHA1:29E2FEAFE34FEFFD690B8F102E87CAA9BA52E1A8
                                                                                                  SHA-256:45B33505F1DDBBDBE3B20D3511706ADFFE14A3A411CEAE6CBE92CCD4B73B0A66
                                                                                                  SHA-512:5A2E7E98FCF966F7170E13C8C505D26B402EF7653812E72DE2EF4D8B51F98DBE8F9C0FE32CC7684324F164671559801A10654C8BCBE54E7029A8864E04126479
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2133
                                                                                                  Entropy (8bit):4.795371325434706
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05L5y3jFLi:nd5CB7fdpFFFL5y3jFLi
                                                                                                  MD5:95806D0BFADF617CDB91B9BAACAB5429
                                                                                                  SHA1:2102999EC25BE88F138EA7C8FBF2A1BF4454C766
                                                                                                  SHA-256:07911DFF4B3128DE29FB83223A78878F9E972F35A596429861C7EA7956923B2D
                                                                                                  SHA-512:00D3B1DD1D764859249A5997EC4B2EC68FDF7C245A3AD4276A81370B2F43090F41D32DE48D94307703436E661EBAF64FF96332F109B0E611B74521F28C8F8004
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3675
                                                                                                  Entropy (8bit):4.529921894562925
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LumN9scvaHjpEuaHjpj5Mt3jFLi:nd5CB7fdpFFFLum3scqjy1jp5Mt3jFLi
                                                                                                  MD5:4FD60455B2BC1F81B99ACF8A05B7CD49
                                                                                                  SHA1:FF39078653B3F8F1EDAF53430B2D51F3A2581EAA
                                                                                                  SHA-256:EEEF272650B489F44319B5490575515A98CE50AB04503402BB9BA27F5F566AD7
                                                                                                  SHA-512:9D7013EC552FE93C153FF6EACB01CB6BA415A5259338FE6DE4518CDAE073D60ADB3CBE577EF450F42B66D62347A95337493276DC999F11C9A4350D11B6EBFAD0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2133
                                                                                                  Entropy (8bit):4.795371325434706
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05L5y3jFLi:nd5CB7fdpFFFL5y3jFLi
                                                                                                  MD5:95806D0BFADF617CDB91B9BAACAB5429
                                                                                                  SHA1:2102999EC25BE88F138EA7C8FBF2A1BF4454C766
                                                                                                  SHA-256:07911DFF4B3128DE29FB83223A78878F9E972F35A596429861C7EA7956923B2D
                                                                                                  SHA-512:00D3B1DD1D764859249A5997EC4B2EC68FDF7C245A3AD4276A81370B2F43090F41D32DE48D94307703436E661EBAF64FF96332F109B0E611B74521F28C8F8004
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2671
                                                                                                  Entropy (8bit):4.72151869806158
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuEDPg5Mq7RHw0Li:nd5CB7fdpFFFLuaPUMq7RQ0Li
                                                                                                  MD5:62B72DB372AF6CFEEE3985E9CD61CE6D
                                                                                                  SHA1:A047BDE19CBC6345BC62FFCA3EB1FCA2D2BA1576
                                                                                                  SHA-256:0979126C6959A3FA443DADBFAA011EE91E5B1527D43837FD75221C6170F9F090
                                                                                                  SHA-512:47D34ED9CF6149DCF8D7B7EE27D735C3E846B437C4EF5B230CF5C2AA9DE2751F3526009051E9E020D2E44285EE1207F69947440CF54869FF06066AB1C90E9945
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2571
                                                                                                  Entropy (8bit):4.72459441578105
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lu8sDPg5MFLi:nd5CB7fdpFFFLu8iPUMFLi
                                                                                                  MD5:317C74CCB8937A07084B708C6F2E9056
                                                                                                  SHA1:438F35665C83701912EFE299E2DA61C03783A5DF
                                                                                                  SHA-256:40CFB38FE9F3B3EBEE99CB27CC61E76BBC06CB0FE77C20BA658DEE9090805357
                                                                                                  SHA-512:AB681BBAD9971C794EBE389EA8E65B840C0ABDFA914F30D0B56663BD7A703F51CD0475E365276FAE4B20E4D9BEE5539004AB95E6E3F8559136FAA4E4470D09CD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2670
                                                                                                  Entropy (8bit):4.698654419425004
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuK97My3jFLi:nd5CB7fdpFFFLu87My3jFLi
                                                                                                  MD5:871BBA0EE60C356C2D7C83C9F240E957
                                                                                                  SHA1:EDFBA03D6D8146BFC3FF0E55DA400F06A5553D07
                                                                                                  SHA-256:3F0EC5B9A838CD155BA4426A7D91A9830D300BB2EC08E04685589815D7A20C1C
                                                                                                  SHA-512:1C9E86093A6027C28BCD94B714A7F959FC5DB3A7E289A6E55946ECB24E31D9CE8C96DC31CB5D8CCD5037CADA1BAC6F0F63250AF1FB190ADE5B2A133323B371F1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2192
                                                                                                  Entropy (8bit):4.788553950637862
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05Lot5y3jFLi:nd5CB7fdpFFFLot5y3jFLi
                                                                                                  MD5:920C6A6B84D14E1995291B8177A1141C
                                                                                                  SHA1:C9AB88CC4C09EFBBBA25B63A70479D3159A837BE
                                                                                                  SHA-256:9CD02378488E8DDC891CBC1E7718BE197088A628D07100ED2D676B958F57B81E
                                                                                                  SHA-512:1FC8193CA7FBBFD005A4D8169535789086460F4F2272086FE44DA7C9E793F9E4B056A5F7D9BBB25BD818DC56A7FD96864F6EB8ABB244E5C27644FC8D9BA04C22
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2578
                                                                                                  Entropy (8bit):4.712580026164849
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LulCZrLMjLi:nd5CB7fdpFFFLuQZvMjLi
                                                                                                  MD5:E914076BFCB44AB249639204B52A85D1
                                                                                                  SHA1:6FCE74E2446DA8A4C506FFFB1255FBB2A5936533
                                                                                                  SHA-256:050A484049871C745112B1CC321BF1EEEF61748D809707B5CB1D946578D67CD7
                                                                                                  SHA-512:CD52E91805A428E5AFCF477D8A5DD67F38FE591CAEEED52050D0575DDC08A28F534BC7D1D7172921828B13D2F87E8CE8C5517C703291C4A6E2C0A6E47B2940CF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3510
                                                                                                  Entropy (8bit):4.542180543006354
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MCd5H6E+iCsAaKj7fOWIkFy9ym05LuzaHjpjeaHjp2bTT3A3EMjFLi:nd5CB7fdpFFFLuGjFlj8bTWEMjFLi
                                                                                                  MD5:8A21CB05BAFE538A8DBDB027C8C483C4
                                                                                                  SHA1:6D40134BAD0A93902DEC320F64F4B7EC5AB9ABE3
                                                                                                  SHA-256:58C5D2472E3D36750481A8617D222F8A666DACFC5C13D82E4258D8DE5A9AC190
                                                                                                  SHA-512:72A68D2A04F5AD6AF2E329FCCF7EE81F5514F80E1F571ED870B345D47749C17A2A4028CFD7E2A7357B54896B79EC23884DF04A4E6BC90B7664C2E00288B91966
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):320
                                                                                                  Entropy (8bit):6.143538258317517
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPknHIgn7oe3lDbbF8aJUHpXaX2q7p1nFRjtdp:6v/7gPnt3lD/hWJe1p1nTx
                                                                                                  MD5:F6ACA7D1A684343F1A7C2AF895CE7B4F
                                                                                                  SHA1:6B1EA6AE5D35153161EB2B222E8F2836145CABEA
                                                                                                  SHA-256:02E0FA98254896D80E653F6223670ECAF5B289E9326B569DEDA68FB9B3A924ED
                                                                                                  SHA-512:77BDF98D0FFEC04B070F69A5C0CFFBE94BC1E53F79C871A6209259AC1A6237BAE0B212E94FE18547FE11F350B9247837F56DA331D8D3B29EF2DA902B0A378527
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):229
                                                                                                  Entropy (8bit):5.609680159962802
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPIFufFpgGDj01mFVKxxi6vJbqXkR+g4HoSp:6v/7lm8VKy6vJbj3fY
                                                                                                  MD5:7B919E5C952E44182377DBF7FFFAB9AC
                                                                                                  SHA1:EDA8EA728C5A766BE2BE1124ED43E99FBF142E14
                                                                                                  SHA-256:2733397B655E5CE5EE38A89CE4C47E608CC439C61479191CC769E3CB2047FCAC
                                                                                                  SHA-512:17713CD9ECB8BC852D6D391CF101ADA75EF51FF55B17F5FC2B29C16154124BB4CC9F149864443A6748CB0B2E118CF3078083E27D12FC9C306C4C3416C817A193
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):643
                                                                                                  Entropy (8bit):6.520420673107778
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7+fsDvf2ccFNcitVH1aApsN4AHCIMUqc3tj7vkmmbjM6d1b7/N:UH2qNeIMk3tj8Q8p71
                                                                                                  MD5:B030185F421E78A62BB53F32F538669C
                                                                                                  SHA1:90AE611AE062B498E40169F5BBF06C29277596BB
                                                                                                  SHA-256:E0CDD5067406A7AF72C33ABA8BBE7DDCB67B35C3AA232CA538F0243D35F9DBC9
                                                                                                  SHA-512:94A708396257507B173A386FEA9186B53BAEEE9C979E0D05AA6CD42BF34D27563FAB1E0DC622B7E812C80D0E35883E6554CC16B49FE5EB445BFB05598CB6E10E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):162
                                                                                                  Entropy (8bit):5.469002487170409
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlG3V/1I/dNNNNNNNNNxyZ9lyQb5/fySxZ95YOChYkX16zUrc/sg1p:6v/lhPIvIgToA5/fysZz+Ck0zU4p
                                                                                                  MD5:4534457062287689BD692B7A13361A44
                                                                                                  SHA1:208DB74BA6E5B1BED15CEA8E8797E80CC9D23F15
                                                                                                  SHA-256:8B570AFCF93F9FF7D2299D1689D372B57DF9C432946C28EC5688D437070DD8C0
                                                                                                  SHA-512:0EB687EC15C7D97908EF8C4B2D835B2B5E229CDB23595B0016B582DF8A880513EE7391824A07EEEB002677E621E90D983569DA34D00579F0713E23101F2CD1E9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):145
                                                                                                  Entropy (8bit):5.257752058503895
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl9vhSFg/dNNNNNNNNNxyZ9lkeWsFhGv8nNmRanZlgc/s/t2rPltjp:6v/lhPIFggT+enFh080RaMO1rddp
                                                                                                  MD5:8083A160F5C2087CADBCCDC01F9C63B2
                                                                                                  SHA1:0FB5F38A6A653E43CDEE07EE997A3D4DA449B414
                                                                                                  SHA-256:BEBDEE848CF1B6041D5FE1E00B064AA16F7CFF5117A3BA72511E70E69C52B888
                                                                                                  SHA-512:84C4F70540D1C0EE06CA3AD8372267C4209C405A675FA57FFD58CA8A1371297F8206D315EEC87F2493918C2DBF8827D730D87C4785BF6B21FA0B7402FADDEC1C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):259
                                                                                                  Entropy (8bit):5.71443892677564
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPknlqBjt1E9EXjjSBQih6/EZucJK/eDup:6v/7+aVTjkQih6/EZ7JK/P
                                                                                                  MD5:DD53095F7BFC5BBD192CAE63C58F7BD8
                                                                                                  SHA1:B2F57BC3FBB5D75621F56FA1E4C60B0EA8A5B9E8
                                                                                                  SHA-256:82C19B31BB0AED7546AA71A9BD909C81056D72C0B91C0B6846F427BDC03A738A
                                                                                                  SHA-512:8F376E4C2257D84B0346D0DE89B106D3CDA8604FD61585F367F4A93CA228B138F51B8A79F9B67BF2DE6D20DD7B3BA476904A76EB8242CD6651400C1B86450490
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):258
                                                                                                  Entropy (8bit):5.769852974575887
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPkn5Bjtj5oncPqyE+0AyZqKC3R3Y5LnhKrsgZNVp:6v/7gfZ5UcitN5Lhesgj
                                                                                                  MD5:E4E714C83C59B5D1C1556D1D62D64ADC
                                                                                                  SHA1:94128B464B57890874217983A4709BFC264E2CB2
                                                                                                  SHA-256:1311DD9623D476FAD26EC82C6622F52181E8C557309D3B0E4B964410AE49DD24
                                                                                                  SHA-512:221699D8CB7C1AED527FD48CE88CDE7B45EEEA5722575A9F0643BF18301358979D8EC7667F268C61087C111FF44B01AACD565B4D8894EE2F5CCA1FD87C31F694
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):230
                                                                                                  Entropy (8bit):5.501711814905997
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPf8p8er+xDTH0+4//yQwWVkM/7Xup:6v/7rHU+4twWyo7s
                                                                                                  MD5:12F453D200D8710234AA4169EA478BA5
                                                                                                  SHA1:201E20F42C7A74A511473DDCD5E17FE72F5C1D30
                                                                                                  SHA-256:C79B4B9C3C7C95C8A9A7F387B7565003904AB92754D808B63B603695A7782BD1
                                                                                                  SHA-512:242BEF772E6F744B05124DF0C994C87F19AB0CABA8879D9408041D45E09760B025E02BD4CB0FBFE3B67C73DEF02917E507CA1BF99018B1D0B0A1FD5D3F7461B6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):336
                                                                                                  Entropy (8bit):6.386123520993223
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPknl8prEpejaRh6vxjTR7VSFklNZS+EO0NJCkXxNe6BVp:6v/7+8EpkanAlTpIklNZS+EhBZ
                                                                                                  MD5:3240EDC9A58EF6D6C06679B4763D36E1
                                                                                                  SHA1:66B8EB1443C8D1E89B8601D847CF1544A59EADC6
                                                                                                  SHA-256:81497DEC610FBA4092B6FEA708898EF5378C556CF50547DB745F0D2BB0B15E0E
                                                                                                  SHA-512:71D24D5E15CA1A932E2F616A6C08B8E341BE50248CA19D65E4473AA11664C8F35A685D277383472EE353A91FFBE4E3821DCDBA653136473751FE71D704367FD6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):156
                                                                                                  Entropy (8bit):5.51538504512303
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlG3Vi1I/XdNNN0ox8s16YAN/qppDLdi/FMvIdtEXTTxEzlkup:6v/lhPI4ycEG+pDU/FMgyvCqup
                                                                                                  MD5:BDC4AD29F88ABCF3DA6F4DAF4F255E4B
                                                                                                  SHA1:DA56D429D47258D688DB4820FDC5392490922536
                                                                                                  SHA-256:1339F0EE67AF481730246CDE6C2294E75389CBFBD88AE7E92E978E24C5477E1F
                                                                                                  SHA-512:76B520DF6953AAE8A830B428FA74C5EBBC3B2630EC522460B257A801DCE62389B93A3E7C1CCA8365598E103D4EE9B73391980626F61FBDE36C75B641F96282F9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):155
                                                                                                  Entropy (8bit):5.465551917222923
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl9vhSFg/dNNNNNN0oS5TRiiF8kOBl6kxtL50UX3vzzcOhKMBsg1p:6v/lhPIFg2Dkm1S6kpRPcjup
                                                                                                  MD5:C58451EEE1E3AD638BCA2721FC1BDEBB
                                                                                                  SHA1:C91CB88CD0CFC04A28CA9B2AA350DB880320CEBF
                                                                                                  SHA-256:5C8669BBAF53135CD9A908C7DE90A765E6AA63291D4F38188B2FD8CEB7D42EB3
                                                                                                  SHA-512:8BF9B2E65F43DB2F107CC78446146094D85084860EB434B26077983AF7313B5469186B09099407278469D422FDDC5F996F011ECF4FDF2D730DCD7C4C48CA9DD3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):185
                                                                                                  Entropy (8bit):5.903493780063343
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlGARtjm/dNNNOq6D16YAN/L+o51oD0LjOn/CB1w7ELh2zrlnewsup:6v/lhPIARomA6o51u0Lj+6g7Fsup
                                                                                                  MD5:83D896D94C6CA31FFAEC6FA627238C23
                                                                                                  SHA1:88C22B903160F3400DF59DAAFCF45640AF16D36B
                                                                                                  SHA-256:2A55B72A3BC42AB0292FBE1259E27F4FADFB08C19DB2A6012523AA8FB221CA52
                                                                                                  SHA-512:68E77DC8AE66D21DDAF348D09B8692B28BD3B0EA9B44E717FFD6C37223B10F094FA0353729397978AF2725C82A726FC339AC00B0F408217BF20F65F52D143FFB
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):189
                                                                                                  Entropy (8bit):5.871937360351943
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):160
                                                                                                  Entropy (8bit):5.583083551319813
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):286
                                                                                                  Entropy (8bit):6.4251142206504
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):267
                                                                                                  Entropy (8bit):6.250216684699836
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):243
                                                                                                  Entropy (8bit):5.807736350030957
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):505
                                                                                                  Entropy (8bit):6.624754480129074
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):121
                                                                                                  Entropy (8bit):5.0593094555620866
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):117
                                                                                                  Entropy (8bit):5.455053274580113
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):125
                                                                                                  Entropy (8bit):5.243817741577587
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):133
                                                                                                  Entropy (8bit):5.246035098126626
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):125
                                                                                                  Entropy (8bit):5.663640357531416
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):136
                                                                                                  Entropy (8bit):5.361318775883497
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):127
                                                                                                  Entropy (8bit):5.1918308574182515
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):124
                                                                                                  Entropy (8bit):5.135563403999344
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):133
                                                                                                  Entropy (8bit):5.269977557111846
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):206
                                                                                                  Entropy (8bit):5.3583146417446965
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):182
                                                                                                  Entropy (8bit):5.198856669391573
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl9vhSFl/XdNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNC3q13Gr1YJ+ztr:6v/lhPIFlga1Whk+/c49nYu7toAPdp
                                                                                                  MD5:9450021D6A3D5C80B45CF667EF1950BC
                                                                                                  SHA1:ACFB4F3420D1C821307D8F89BBA242255E13E033
                                                                                                  SHA-256:8CE5FA2C227D57ADBF9B68BAA42A3765D81E34E8332C413E498E989074BE8701
                                                                                                  SHA-512:432BED28710D2E95E5863DFA83B1D9497372F13E21340E174B4C62D84539DD7E232C46522B01CA33B79BE9D7DD05714591B9F13BD324F7840D407D0CAB3BD356
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):284
                                                                                                  Entropy (8bit):6.115747116127996
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPIARee8GsJuktMn/9zQq+4mPsT0dSGNXUxoUzNp:6v/7A0eehx/9Uf4mUTKStx7zj
                                                                                                  MD5:15133EBF59CE75785ED464ED47AFC1A4
                                                                                                  SHA1:EBC5FB34B88EFEDDEA726B8BE6B1388005980CCB
                                                                                                  SHA-256:CCBC36BE31BA5B576570753FA92181B887E9A048F9155B2CC630BADF2F229B3E
                                                                                                  SHA-512:B80B4D3E39601A8033BAA5C85213F1DB5DFEEE81465AA15B012F49F2C835ECFC9FD4B4B6D211569B7335DC8BAA7D43167215A18E38235874CBAB65DB507C4531
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):190
                                                                                                  Entropy (8bit):5.881734887732713
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlG3VdNgQBaZp1Awfx7vfo0wMn3Gp6XZhVdCr5UBx9yGFFXhKlJdWGL:6v/lhPIWQsxfxc0wMWoZhCUdy2XKWyn1
                                                                                                  MD5:44B9792AE29E4B427FAC96C8D12BCDF8
                                                                                                  SHA1:E93C17FF4CABB413F1BC887C476FD599B26295B6
                                                                                                  SHA-256:671571E519D51393F67C7EF6165ABEDF2CBCF6A5ADEC760D62F7477733791610
                                                                                                  SHA-512:0FEC2CDEC5A2CA9161495A8C53E687C325A1F9B9A3C18D011FB5D0F24A358256544502DCC75C6F6CCF1746041CBCFF6C090C48A5E03CB7EC4E18414E85320510
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):148
                                                                                                  Entropy (8bit):5.519999987133626
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl9vhSF9fgFH1Jff4RSYmwakxt+SGy87l/N6lUjqlll2up:6v/lhPIFuDxARSTwag+zPN6ej6lVp
                                                                                                  MD5:385381175523BDC165BF712A8FAC7E3B
                                                                                                  SHA1:59FE04A9906D95CA5D5EDB900A51BE9B199A0969
                                                                                                  SHA-256:A1104B7C497367B054EA7BB7B13042ABCF6E2701B5B4FD2D32E4F0C288C61C8B
                                                                                                  SHA-512:3884117437688A657DA956335456ECA70C04E11D08E9E28C095C838D21AD7BD8AB801D736B60E2D777E703DC2EC7D66D8751D1E8BB92B2515674792FBEAC5C0B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):195
                                                                                                  Entropy (8bit):6.190383509332898
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPIAR2QNjIu/lETV/MFSqyyfP03RlFPap:6v/7A02Qael4V/Ez30Pw
                                                                                                  MD5:0AB64FB94D260B62E746AA234F701699
                                                                                                  SHA1:DEC4B94554DD9648A6C145E21DB73D2FBFA5340C
                                                                                                  SHA-256:470C07CF07F02ED291741433AAD88AB80F1EC7671D6403DEC3D74F7EE13BB803
                                                                                                  SHA-512:F62C30F7F158A81CB89F7FDAEDB81FD83F0D6A884B58B64457464DDE5C63210F294A7F6FA657350F8AA39C877A1496F7D4269B3D00B55157EBCCEAD0678EEA4B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):179
                                                                                                  Entropy (8bit):5.757540561484614
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlG3Vz1I/dNNNmINPV/nKSw6N/Yshkx9wSwizqt0DUHJiuuGhI/2FVN:6v/lhPIbIOINPdnac/wwQzK0CMuuG+/U
                                                                                                  MD5:CFB3903DD4F0891B40DE06E91D9A34A2
                                                                                                  SHA1:E9DC70E894EDFAE99CE1420E287B764229847CCA
                                                                                                  SHA-256:F464FA5BBC20F60471A1747B455FB5982C34E378602858EBC54A28128D53CAAF
                                                                                                  SHA-512:F1693DB0509145F75BB87B476582F048D68340BC015DA6690F0E8C40552369F93857A7BCC341BF912BC476C818976385F314CDC05BB98052008AACD03696D2E9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):158
                                                                                                  Entropy (8bit):5.6271769623894805
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl9vhSFZ/XhrkiffQePYhItEKw5wlOtmtMZ00uir/lsup:6v/lhPIFZSEIePltNw5wlCmFbir/2up
                                                                                                  MD5:C23DCD49CBD59CD5CF1CCE8C98BC457C
                                                                                                  SHA1:A94ADF955764F9639F25D83CFACA27AF8B4D6BAE
                                                                                                  SHA-256:C55198FAACCEEF55982A3ECEBE54EE4DA5C602DE3F25F1CA8A7E0E47390A42D5
                                                                                                  SHA-512:91BB99FEFF3B4F9B05426A108BCFCD5E00DB974958811AE38EFE8C28D5C2D614D2112ECC1E4738619D790F727023F32018E7DB77E534C89936C31D27D5FAF178
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):207
                                                                                                  Entropy (8bit):6.117092898241342
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPIARkyCNvVz/jfFmq6mE4/rNMNdup:6v/7A0k73jfFmqnrNMO
                                                                                                  MD5:A9ABE784D39722F3B3FA5514D1ED8C89
                                                                                                  SHA1:2174CDEF184DDBF419B6B8439B2E5BB061B9D586
                                                                                                  SHA-256:F76D3DB6E89F93B8A94227791DF7679341C42BAA1C81D36290B0C3EAB6CB87DD
                                                                                                  SHA-512:D2A77BCC353D4D77115AEB88A21B52F785EEFABEFD5DB29E852478EDB6FE36A57DA7ED9C8F23FDC781D88F7910CB9EB747F62E61D53837CCE3E437068370F8DA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 1-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):93
                                                                                                  Entropy (8bit):4.992746311106649
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlj/ulrIoqPi5xl1aw6/p:6v/lhP9/qrI3a51Vkp
                                                                                                  MD5:895294B378CBDA6823D48907C94B4C10
                                                                                                  SHA1:F3CC4C63384C7C66806BA9D4C9E3251815C180C9
                                                                                                  SHA-256:F685A48ECCE386E135631BEA5021D952B76F103D9591C5F0A08E3EE128095108
                                                                                                  SHA-512:0F0ED05624C10704E550991AD0CEA03434BF284AC8024809B723D1D56456A13A6413C3C93BB35D9CBBAEA2ECFA7F9882A1FA373DD5A2D04E586A4141E9CD2ADF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 1-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):92
                                                                                                  Entropy (8bit):4.898030705821857
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl9vkSlOlsoqPiaC0moed/l2up:6v/lhPcSlO+3aUPup
                                                                                                  MD5:1E9B1232D5724DF78ACCC50A3B60CBBB
                                                                                                  SHA1:3C6A1D53C692FE64F5BF9883CC59CC6132EF1B00
                                                                                                  SHA-256:52A9FD93B93D89D52179D59413D9E66C30E4DCB772517D2779B50B333D8BF2BB
                                                                                                  SHA-512:D84A0A8779AAFEDCD124CDF6917AA1A6EA7F4EDE6C099E5B9FB02892D44BA3A5A1244B0080613B3D9AFF5AADA208BAD4F6DAFE94E924D01D5F87E06C93E21813
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 1-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):96
                                                                                                  Entropy (8bit):4.961904818136523
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPljIpOJrIoqPi2FFdaLz/Vp:6v/lhP9XC3amdIbVp
                                                                                                  MD5:547BC3C4DD89830B45BD0F695DE282AE
                                                                                                  SHA1:F9052F5A2D6B95E83D4D5BC16748847B9020E928
                                                                                                  SHA-256:B72E9B5CDD7CC922817A511E44BD27573868EF7841B456A4C22FF9FC61092D3A
                                                                                                  SHA-512:D432A6D58F1CDD443608010F514F083EEEF3750A40CEA48426C8C49689F40EF931D5A7EE5B8B8522555C96475E061CA9B5B08769B3671BB58F04B68B6D96A056
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):101
                                                                                                  Entropy (8bit):5.084273642835408
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl5ljZCihss3bHJgGBbX1K//sup:6v/lhPZt9DBYjp
                                                                                                  MD5:B21C26EC33FF664ECAEF11FED6FFF7A6
                                                                                                  SHA1:899ACACA33F04EE1CE3BB46C8E5E37546FC96EEE
                                                                                                  SHA-256:6B3F1DA3DD4CA2CB84164070647D28CC9FB2490E8ABCEC24639EA7F4F3789FD8
                                                                                                  SHA-512:47C0757EFB0BB838190B92240455E8E48A956CBDDD3A93C7DE9452DE1F00209257CC1B465CEF05DCECDEF5DBBA1B57FEEF23A7A3A7AF4CE02D4F4878721C8095
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):92
                                                                                                  Entropy (8bit):5.077241575644354
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl9vt3lyoS9gSRgWEZ62XbDQe8LQ/jp:6v/lhPioOvdEPHL8LQbp
                                                                                                  MD5:8220C1B21F816FD43682546124C5E64D
                                                                                                  SHA1:DAABE8F27F6D2CC73EA5848F3C8DECD7BB41ECCE
                                                                                                  SHA-256:D2697968299A96AECD915C22891DB2E25F3059BB9D5A4E207ECD156115FCD2A8
                                                                                                  SHA-512:1E8E122AE0A77345333800E0FF149CE63118A630CA8ECD3179FB2AE9EFD8C88183ADE6152FB95A79851BC63D0661B99ACF472908727707FCF1D44CFF6A56A0CE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):127
                                                                                                  Entropy (8bit):5.640409232596393
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl5lGyO0Pnvor2US7Psy1muhevsB1p:6v/lhP8yO0vv/VNoUjp
                                                                                                  MD5:BF7FDD12981CBD65700B068C6D64446D
                                                                                                  SHA1:C2DB0F661846CC2B43DFA1E31C7331F83E8C7085
                                                                                                  SHA-256:A7E67F219846D4F820C64F2C6BE7C58C9A5F048EC78DEF9BB634A0DC43479841
                                                                                                  SHA-512:9F3215559790905BFDDC1EBF76A03286A6EA6C998B1BCD0068FD46BF97C23F386FB1E931905F3BA43A1383722E790ABEEC2D2DFAB6984C71042A69994D15ABDA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):279
                                                                                                  Entropy (8bit):5.967663267041628
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPIaNFpmN7zwdySCb7Wb7rakHYCsqebKuMZufp:6v/7AaBmhzwdySs7WbnakHmbK/Zux
                                                                                                  MD5:FB6CB875F4E1D3140CC94C028AD20E30
                                                                                                  SHA1:113DE4C91586D69F7F759CDE5E2B05990B5141C0
                                                                                                  SHA-256:A78117CB020CA15F02B3BCCFF2682E5DD53740820872E49BE0F592946179D970
                                                                                                  SHA-512:8418CF62A2312DC3ABF3DEF8CC683174EDE612BC4A3FB20A575CA0D14F714D3185F7AE121298D3313B062453B94BD5E9B8A31F6A62648622D137399D48113E12
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):218
                                                                                                  Entropy (8bit):5.696116325582462
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):482
                                                                                                  Entropy (8bit):6.515696943747605
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):269
                                                                                                  Entropy (8bit):5.715953267547524
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):231
                                                                                                  Entropy (8bit):5.52736090983763
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):282
                                                                                                  Entropy (8bit):6.24604723732813
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):229
                                                                                                  Entropy (8bit):5.921078912589736
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):186
                                                                                                  Entropy (8bit):5.5536884832398155
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):381
                                                                                                  Entropy (8bit):6.445736199555965
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):110
                                                                                                  Entropy (8bit):5.362441304373581
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):116
                                                                                                  Entropy (8bit):5.2710999603464
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):145
                                                                                                  Entropy (8bit):5.714767345303081
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):190
                                                                                                  Entropy (8bit):5.4933124189970295
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):156
                                                                                                  Entropy (8bit):5.350695533504228
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):227
                                                                                                  Entropy (8bit):5.866832811696198
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):144
                                                                                                  Entropy (8bit):5.471799790326293
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):151
                                                                                                  Entropy (8bit):5.289373199432374
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):178
                                                                                                  Entropy (8bit):5.737192759794231
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):162
                                                                                                  Entropy (8bit):5.538152420362062
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):151
                                                                                                  Entropy (8bit):5.483416238500208
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):167
                                                                                                  Entropy (8bit):5.671979642193636
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):163
                                                                                                  Entropy (8bit):5.551420334011245
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):152
                                                                                                  Entropy (8bit):5.498034660707387
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):184
                                                                                                  Entropy (8bit):5.895196816712992
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):205
                                                                                                  Entropy (8bit):5.594990029755057
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):160
                                                                                                  Entropy (8bit):5.246846198705042
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):314
                                                                                                  Entropy (8bit):6.251493142003294
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):149
                                                                                                  Entropy (8bit):5.280328657369903
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):133
                                                                                                  Entropy (8bit):5.262573233393416
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):163
                                                                                                  Entropy (8bit):5.583953395601585
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):154
                                                                                                  Entropy (8bit):5.464770434252999
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):147
                                                                                                  Entropy (8bit):5.271824568304948
                                                                                                  Encrypted:false
                                                                                                   Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):172
                                                                                                  Entropy (8bit):5.565869118588712
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlGARwjm/XdNNNNNNjP3oKul2ROgwx2tTSVrMQJhpG1lo9fbp:6v/lhPIARwymBlGOp2hSlMQQwxbp
                                                                                                  MD5:01936B6356468DB3B51C9A5E2FDC5A65
                                                                                                  SHA1:377163F3997EBCD24B5B24789D3B66C74C38B875
                                                                                                  SHA-256:85B8DDBC37078A49F151F2BFF080B33DB54B6E0C2A8FE6A044B83D9A3148A2DB
                                                                                                  SHA-512:C2DBF3466B18B75DA7B41811B5D2230D22D8A3EACF5464D98C2F45E39D53EB4CA5FDB905EC24CFEF45ED38F0B0D409E56EAD66B880E1084066795497D45876E8
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR...0...0......,.....PLTE................*.Z....tRNS....u......HIDAT8.c`..D......g%(.Y..T..N0MNH6......M.,D........pV.`...I.]...K...h....T.........IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):131
                                                                                                  Entropy (8bit):5.692791368990826
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl5ljshgFCnvaRRdQFRQhVTWtdwQdKQo2zc+tlsg1p:6v/lhPZshFvaKFuhVTWrwQdJljp
                                                                                                  MD5:0B3610A43E69EFFB258530B2C8A1E05F
                                                                                                  SHA1:956DAB7407CC91F172E29C3CEAA365FE1A9EC061
                                                                                                  SHA-256:091C60F6BA74899AB0BD2AFC454755659FA7D3B40A9A1F1F2E8FF557ABCA697E
                                                                                                  SHA-512:6FEB8F19A19585A72622D715B26948376DED38D4883481094AD500B44B1CBCBF89EBDA710EB26D7B12389C157482B1E4D9B4DEBB78519D048D21076C9D43E822
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR..............w=....JIDATH.c`....R..b............4.....G(.=..0,.......a......q0.-..h.`.....@j!..y[....IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):114
                                                                                                  Entropy (8bit):5.411629991612867
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl9vt3ldC9ggH03vMJH/ptmrIflif2dp:6v/lhPt+1qOdp
                                                                                                  MD5:B7904D7012F810EA4372C0AB83DDA63F
                                                                                                  SHA1:386758160936A4457FA5952A987217EECCFB0E0B
                                                                                                  SHA-256:B5265D124540A03E1FA7DEC3160B210B0BA48257D272B77F2F98CC17ACD1C754
                                                                                                  SHA-512:793C1BE87B60FF8010E9AC2AC45AA09DBA51E9B0B9E7CF32219DF72B82BABAB36B0FAC380BEC9C8A4A264BA24CB4426302132A645C44F01703EA86A261E99B65
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR................a...9IDAT8.c`...+V..O..L.........A,l.r..|.......W..^ ..|,........e@]......IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):140
                                                                                                  Entropy (8bit):5.440896780220224
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlclIZzNgFdNNNWj0qIW16YAN/CgFDyFe1tqcslarHPzOll/jp:6v/lhPKaZz2Mj0qeqMyCqSHLOltjp
                                                                                                  MD5:543DA2BF9D3492EE6EBFFCE6B9877E88
                                                                                                  SHA1:23A1C8A2C1B977ECC040E5B238E51BD93797216C
                                                                                                  SHA-256:286A7E5F47C1F8F67008FF1343ECE35CD5236AE9682E6556398C4D19682B2406
                                                                                                  SHA-512:7E1474B129A82A3B11224374BEAA58A12D4020D4FA49CD0ABFC3BA3C855FABA42628166B630D463013EB49476A92EE352803DAAF2216F1C78029ADE09229678E
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR...0...0.....*l......PLTE............3.......tRNS...=..z...,IDAT(.c`...?....g..z ....|a..`.D....CU..b...#.H..)'....IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):141
                                                                                                  Entropy (8bit):5.379264569931083
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlG3Vi1I/XdNNN0ox8s16YAN/UhkxTFFBTDXVPtyrt8GOal2up:6v/lhPI4ycEGMhkJh0Pkup
                                                                                                  MD5:A9EEF3A8FCB12A1268E4E596A4FB7027
                                                                                                  SHA1:5F8988A750D1ADCFD7546AF0C4468EEEC4C0C00D
                                                                                                  SHA-256:925D6C1F934919B59E1F3E142B2E7A38B0D4F6D5CA2FE67EFB7F237B22C300A0
                                                                                                  SHA-512:46513B83E36038E25109B9EA8485C631A569488B7313AFB67BF068493B092505E64EB4ADA7E8A15C7A3B656DD1B8D8B78A0CE0F4670F02A25DFBACC6CCB1CAAF
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR..............Y .....PLTE...............XK.....tRNS...=..z...*IDAT.Wc`.*0F..8F.&.....@.!..#.,.L&.8K......O..n.....IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):128
                                                                                                  Entropy (8bit):5.484719007484493
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl9vt3l2oS9ggH03vMfaYduXxXxpVNqjp:6v/lhPmoO1BduBxpbqjp
                                                                                                  MD5:8FFAB9FDC87C87B467CA5B6E509EBD06
                                                                                                  SHA1:CA3EF980B176471C381C11213EBF48A0BD086C12
                                                                                                  SHA-256:158C753531D79B927CD384125688FA813D4282CCA5D237BE7E89B8DD66E7FD85
                                                                                                  SHA-512:29F128AD73925096387721D88C5391EDE4F55790C3B5DD4E391FCCD9097177173517142E24B747CA5B66C88339DC18AA5A22F51DD666A75AE787F0457CF54203
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR................a...GIDAT8.c`...+V..O..L.........A....MUU.MUU.lrhl..>FDD|.a....:.z.,0.0.....R.1.../....IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):158
                                                                                                  Entropy (8bit):5.52464701972986
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlGARtjm/dNNNOq6D16YAN/uqgvaxl1AG8lk5tKRfwoH/FTp:6v/lhPIARomA2qXXmk5tKRIUFp
                                                                                                  MD5:79CB355F34FB2BBEE2A2D12269EA14ED
                                                                                                  SHA1:8886CDFD864091253FE0AB7EE3C0B7B39D075D05
                                                                                                  SHA-256:AB648E389EC4282747300E00A293A1DD7DDB56F63E232DA241D9B66A66009590
                                                                                                  SHA-512:EC70E8ABA94786C9031EF0C9743EDA3C0241778DE1AFAB1E3338B7F6414D19C81CF578DE97FA6593186A6B53B6E629D3222AD458D272E9282533CC37FC1B64C1
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR...0...0......,.....PLTE..................|.j.....tRNS...=..z...8IDAT8.c`..D.c.`.%....MCCC.......\.......C..f0w.K.....D..f.d6.YK.....IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 1-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):111
                                                                                                  Entropy (8bit):4.957976694021429
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlj/ulrI/MB/hl/W+Soh+2Jljp:6v/lhP9/qrIEB/ho+Bh3JVp
                                                                                                  MD5:7DE9B2CCB7358665D6F9C967F8A52B9B
                                                                                                  SHA1:947F623FF5ECA892B2EE4D6345775C7732A18427
                                                                                                  SHA-256:B1198FEB502554A254F9C1F3D86C1934E793876606CE1923458D0838CE1EF114
                                                                                                  SHA-512:28824E1B22A0FF8A99A1249B4919411AF621B3B4FC61E5C5BE2C657ADE56C91EE337A817B819FF1861705D77DB07F8329FAB9D3E80505D53243C28F51605C327
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR....................PLTE........,....tRNS.@..f....IDAT.[c`@......=V.M-....=..4..^....IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):123
                                                                                                  Entropy (8bit):5.081901022737609
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl9vn0Xl/EgFdy5gB45lo4oLkYG+LtMEB1p:6v/lhP2l/En5EXkYzMEjp
                                                                                                  MD5:F84CFA180D61FAD20F15BACA974BAE38
                                                                                                  SHA1:62384A0B71533F9448AFFA806FD3B283EF2E7CE4
                                                                                                  SHA-256:B7B0010F45F586A24225F07576AD4569327EE948C51C58F77445C6709622C5F6
                                                                                                  SHA-512:5F5F3704C7AEA85DC4D56B10D193C9AC1EB6550B778C7BD416B8C1BE52DD8F2D6F1AABE6111F0DFD6862F422F7341D4E0B0F84229C3DCA767761A0E65BDCBBFC
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR.............b.......PLTE.................tRNS..k$.\....IDAT.[c`@.L..L`:..!.B..p.I.....r..i4v......IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):131
                                                                                                  Entropy (8bit):5.375057979510251
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlclIZ2NgFdy5gB45lCxxF3F8vw8rv0Oetlsup:6v/lhPKaZ6n5EvF8vdAsup
                                                                                                  MD5:B00DBC62068ED5A2580A030E0AB25A8D
                                                                                                  SHA1:E4B348F3CC56D61749929A722A4081E0A00ED47F
                                                                                                  SHA-256:5B41B2F5367516B08139E31150AC48C16A256136B96C2D33ECBBB502AA8240EC
                                                                                                  SHA-512:E407BE25D483862B1CA772F12C49368E50C7B27BE9045209AE6350F46E091E6F7BC8BDB67F40897F2DDD6384B021297C119724C120EB91B1C71BAD9B25CEFA48
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR...0...0.....*l......PLTE.................tRNS..k$.\...'IDAT(.c`.0......P...X.j...b.2..C..:...C.L...1&....IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 24 x 24, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):132
                                                                                                  Entropy (8bit):5.1853515197363444
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlclBpNgFdNNNWj0qIW16YAN/ySx1oA8mfXa50lD4a0eup:6v/lhPKN2Mj0qeqNHvp
                                                                                                  MD5:6E8D2AB7A6B39E24F7152B61103F1680
                                                                                                  SHA1:D35003C05E5F929B36129D5F6F78AE050BAB5BA1
                                                                                                  SHA-256:66BC18B0F169CF3C17C1EE95938B4E6A5F517594A7799839EB24468F05EA0511
                                                                                                  SHA-512:5D1D4351E4999DDEB7CC7CE894E824294672E34000BC8824F795724822C048EB54DC5DF4F6175A0C2E8013C7C69962552FAF9D9BF7C230E16D564DD1F99413DB
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR................k....PLTE............3.......tRNS...=..z...$IDAT.[c` ...c...?.e..E....c..2........3.n.~.....IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 16 x 16, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):127
                                                                                                  Entropy (8bit):5.141135587181968
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl9vn0Xl/jgFdNNNWj0qIW16YAN/HAkaG5Ob5ZRmDnldp:6v/lhP2l/UMj0qeHOb5ODTp
                                                                                                  MD5:D4F0413B84CF58CF1792755A45687C52
                                                                                                  SHA1:0EDD307AFEE89BA3086FE15965101BBCDA056903
                                                                                                  SHA-256:DFA7FD0DCA712C77BAB4161E6E8D5C2DFEED76D3BFD75B7A194BFD5988EB55E1
                                                                                                  SHA-512:953A5325E94F008157A327B6485E2EC500A04855981D930741EFA86E2BBEF62E893F2CC7711775814DE33564803EDE623013C202B94C9D46D24228176929AFF9
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR.............b.......PLTE............3.......tRNS...=..z....IDAT.[c`.......J.+....y..|$................IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):153
                                                                                                  Entropy (8bit):5.570142675030674
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlclIZzNgFdNNNWj0qIW16YAN/cFbfeaMqBZlnglWFKRB8os0f/p1p:6v/lhPKaZz2Mj0qeoWh6ZlnECy8x0fTp
                                                                                                  MD5:150D4E08F6162BA400DF9593A2B384C8
                                                                                                  SHA1:5F9F5B1BF80160B3C1A32F559F48BF5A7E992B72
                                                                                                  SHA-256:7D2EE15DC2297AE4C6E376DE8157B00F1361FC93FE374B2A170F4B9D2F90510E
                                                                                                  SHA-512:9566C3849E21005BF435211161FD5878D90A7BB659586A1FACACE20453F291F87C109DD0F927F36FE7DA0C9B0DE829F8249883CDFA1BC1FCFB6BCCA1921CC782
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR...0...0.....*l......PLTE............3.......tRNS...=..z...9IDAT(.c`.\.........b.dP..4..s....z....p...9_. ..~t.U-.*..?...........IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):15567
                                                                                                  Entropy (8bit):4.375325481184021
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:HoOdBfuiDD4G95fxjHhr485QkaRN70NJEY5AT2v+ZWg:Hnd/xC
                                                                                                  MD5:218C6CD7718DA651586BE01E10BA4EE1
                                                                                                  SHA1:7A43E9CE0C50DBD58BC1F6284D397F86DBB5EC6C
                                                                                                  SHA-256:3EF9DEB4BA7F25FC2FDC6B6250DA83B8D46DBD8AFB93E9378D855683FC918C69
                                                                                                  SHA-512:44FA667413396FA81ED27B1F6F33A3C59709FEEB4E067483394E00248399AC9EB0BEDDD1D6B6468E33DA59B0F845EB9D422CEC5B96814DBF4295CCCFF1EFA123
                                                                                                  Malicious:false
                                                                                                  Preview:MetaInfo {.. Type {.. name: "QtQuick.Controls.BusyIndicator".. icon: "images/busyindicator-icon16.png".... ItemLibraryEntry {.. name: "Busy Indicator".. category: "Qt Quick - Controls 2".. libraryIcon: "images/busyindicator-icon.png".. version: "2.0".. requiredImport: "QtQuick.Controls".. }.. }.... Type {.. name: "QtQuick.Controls.Button".. icon: "images/button-icon16.png".... ItemLibraryEntry {.. name: "Button".. category: "Qt Quick - Controls 2".. libraryIcon: "images/button-icon.png".. version: "2.0".. requiredImport: "QtQuick.Controls".... Property { name: "text"; type: "binding"; value: "qsTr(\"Button\")" }.. }.. }.... Type {.. name: "QtQuick.Controls.CheckBox".. icon: "images/checkbox-icon16.png".... ItemLibraryEntry {.. name: "Check Box".. category
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):33341
                                                                                                  Entropy (8bit):4.534136956343582
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:gima/rqfyvocsgWAEPHd/RBcWTkrmIhUeoiADLTEEZZjHK1TlbyQHhEUGBGgUq2W:Xb/rG+KXD
                                                                                                  MD5:09EBBE642F2775F9B5A752C82D5AA754
                                                                                                  SHA1:B94DB32B0D39C129F3A16DE43697B563658A214D
                                                                                                  SHA-256:86ADC43D2FB0E3AC925E7E7AD545C771D5CB45423F0E352D68C379FC9A205360
                                                                                                  SHA-512:D99E8B633691F0B5A2FC74E179EF97D6419D9951B1202AC17926F9F7C1E1F71D94578AFD545867B64A1FC18E671F95CF616CF88D890A1C5337E773ADA0342A18
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable -dependencies dependencies.json QtQuick.Controls 2.15'....Module {.. dependencies: [.. "QtQuick 2.11",.. "QtQuick.Templates 2.5",.. "QtQuick.Window 2.2".. ].. Component {.. name: "QQuickCheckLabel".. defaultProperty: "data".. prototype: "QQuickText".. exports: ["QtQuick.Controls.impl/CheckLabel 2.3"].. exportMetaObjectRevisions: [0].. }.. Component {.. name: "QQuickClippedText".. defaultProperty: "data".. prototype: "QQuickText".. exports: ["QtQuick.Controls.impl/ClippedText 2.2"].. exportMetaObjectRevisions: [0].. Property { name: "clipX"; type: "double" }.. Property { name: "clipY"; type: "double" }.. Property { name: "clipWidth"; type:
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):140
                                                                                                  Entropy (8bit):4.5380471064327965
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:3BV9NKF7eURCNHJccvyWmopCxKeJQCKyxRSGIjNUkovBUoAw:xVfy7eU28oIQCDCGIjuvBUo5
                                                                                                  MD5:659ED029AFAEABBE4235968FF5292736
                                                                                                  SHA1:565CEBA5B695EEBBF28030965EE5929C2A5A2346
                                                                                                  SHA-256:7B404175BB8E2B0D3822E75320C8D6D09C61BB53F4513C235A7D04AC7D34FD57
                                                                                                  SHA-512:41FCB039C054C7DECB9FC7CA198F3218DC0965813758B66C5B8B174B732040A33F2D3F54037AEC7A9C48AF5CD3BCC798DDD41C7458924B8C9BDD49A38846195B
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Controls..plugin qtquickcontrols2plugin..classname QtQuickControls2Plugin..depends QtQuick.Templates 2.5..designersupported..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):643192
                                                                                                  Entropy (8bit):5.000079550210281
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:KI4bYOp/pnp+pGp6pVpSpFpIpapFpzpUpippp7pgphpWp4pKpjpJpqpypMpapfp0:KI4bYp
                                                                                                  MD5:F343427EB8324E0EF531D4D3396B1C75
                                                                                                  SHA1:D825155FEC5BD9F05DC82729D004C8FFC7E77AF0
                                                                                                  SHA-256:F7817AA2CB282B0A8685CAC6F68548E20C5BFEC01A4D3ADC06F307ECE27053A0
                                                                                                  SHA-512:9F35F08AFA0E498DCEE1C224F817B5CC0EA42BBBFBF13C24B61AFDE203957CF57C3AA0BDF52A80974CADDFBBFDEE4B51A07E87820A669FC71905B86F69B3AEE6
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10075
                                                                                                  Entropy (8bit):4.717439306063525
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcG6ZTxk/vxN5PpD5srxnITJ9T0CPnTfvTGeTfUTa:RG61AvxqgJ9pPTfLGSfka
                                                                                                  MD5:5867D5245B718F84DB408F61BEF0586B
                                                                                                  SHA1:1C6D4995807E1A4D4AA1C60AF5E21B1249428068
                                                                                                  SHA-256:89DACB880798DE404343B7C7C601964EA9DB8C94C6D80E94488F16B4CB687A10
                                                                                                  SHA-512:FBE6E03CD93AF72B090CA71BE170F7CC1247C367A6E535D1E6675A12ED504DDE248A0811B663B2650F847E89E731450C950D7492914BDE725B9BF12CA0AD0644
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3172
                                                                                                  Entropy (8bit):4.857750127629911
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+OLqF9JXacl40XRJcynK:KogUldGcQWvVQ40X7cynK
                                                                                                  MD5:D1F9F9211AA7FAE7F0D9579FC123D685
                                                                                                  SHA1:62C23659B3A0447043BEB3C3965861574502E89B
                                                                                                  SHA-256:5F8FB95DEE1242FA981C0201D82E0094880C88F98EBB7516D5F692A63CB64F8F
                                                                                                  SHA-512:62948CCE34D7A31A411110ED0D024C61DD9A5372971266C749BD5344EBF92FE5C1ED8C7C67DC38E70DEE7E1DB2BE33234C3A55472EF1E9CA5539B287B878BA19
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4722
                                                                                                  Entropy (8bit):4.806184277509732
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy99nC+r30n9Na8slfYe31ppELTGITqtguPcwfZY:KogUldGcQWg6Y8MpELTGITqtguPcwdCJ
                                                                                                  MD5:2E42047FE47F5B070DC7C903C4E520FC
                                                                                                  SHA1:C4D55119C4E613E0ED48833C232BF6445738E1F2
                                                                                                  SHA-256:E30F2574809B4A3D6804CD6405FD56A1EB59F0EBD63FCCFADE27CC12E45C9EAA
                                                                                                  SHA-512:78BE625E72816EBE760052EFFEE160717F77B388887161589E19D8B4BFB4FCA59D3797BCEABD0C3D71B315D68F24AB0D934EAD0A4DC36ECC485DF6187FD45831
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):14053
                                                                                                  Entropy (8bit):4.631637955400076
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGBf2NDPkWGQA/avHUMw42QsxsfwR2RH29hy7k0FXmFNMa:RGIGQA+2owR2RH2jbhD
                                                                                                  MD5:8271AC3D4E6B5E7BF47DAE0FCF2B6276
                                                                                                  SHA1:6A7E6A614EBCE44A0AFC940FCCD02C4B8EA6A3F2
                                                                                                  SHA-256:D5BC343B79803DBB1F28E2A9E88614F07DB92D04ABBB2C87DF9A83DFF47FC021
                                                                                                  SHA-512:F807C7E50FD158086737E33DD3C58F2395B0DD789C7A8BB322AF4E3A95382CFAAE33863B74B8A1D0BCDB6BDA246D62B00BC8EE0F0C7A5A17D3174A380BBA0921
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7217
                                                                                                  Entropy (8bit):4.730801636992161
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWMm9NQmNRDuvfQ5cQg0Q0xQMVbQohukHBQEuj82CcSFCrFo5M6F7AOb:KtcGtqOY5x7r+fpmcna5nAOm+wxK
                                                                                                  MD5:CDCE4812D071C06C97A540E246768C75
                                                                                                  SHA1:3F19A67F23AA2D6F65A7A132F1C697F72F01A9FE
                                                                                                  SHA-256:C2972F85CA4BCF1D5F11364E46C297D70F611F43F7618FD7E77B421363E3A4BF
                                                                                                  SHA-512:EC04F782D3E286A650CE68BAF546E70DE1813BBB5A561E4773D97FD1975ED87C76B1EFCC13FDA2AFB496E6D5217B9910FDE1BD97D6F09889EE1A25F0FCCF817A
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):26551
                                                                                                  Entropy (8bit):4.512383919219007
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:RG7v/WdaFXoAhPF4qPsTsrCUVUQtayvGH29w:RGz26Rw
                                                                                                  MD5:14E14D914B7C5ACC5AFEBF0F8278AAF9
                                                                                                  SHA1:D77E16C080ED950CD315490AED12C327AF35A16F
                                                                                                  SHA-256:EC8D6D62031D1648DA0F7CF174E7FD707AF73CECAD3A7B1D53BB6FF06CEE6EED
                                                                                                  SHA-512:1E670ABCD65DFE438206D4091BF323AE1AFDA9C2CB1BE6A491E4805DBEE75B72FDD4915A829B98C35CD11502A905FFC7EFF09A1E18545D0BAD16A2155B617BA3
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9280
                                                                                                  Entropy (8bit):4.5929490054621205
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWVmYoWPEdA+f2a0n0k9BdOwwjo2+tyS+YjdQ+f2gPAs5FWoMmun2g07:KtcGm4dy0+BojgYsxN5uqqjHNGp
                                                                                                  MD5:F62F4F4EEBB6B58235389E671C884AC4
                                                                                                  SHA1:A0CC6F3235A54B4F89A20AE2DE27AEE2F1D53730
                                                                                                  SHA-256:123C647773D5D885A3DB2F5E5BBFB13B51F2C8869783CEB48D5F93CB0E3401E3
                                                                                                  SHA-512:8BF61B9E37C41898216C0659AC728037D56925C4C7404D70B225767DD46F1A22EF7D4037A83E71BD2581B14304989ACBBA30D8BA03A1D71E69A643D6937D05A2
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3212
                                                                                                  Entropy (8bit):4.839032765919857
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9bC+zb184zGdIdePevhTAhv:KogUldGcQWQb1pzESePuAhv
                                                                                                  MD5:1B379BBC8E1523FEFE718627A99EB7D3
                                                                                                  SHA1:35E8319E1C3B8E6294C8FA4A96BB222406973BAB
                                                                                                  SHA-256:F29D6F9D351F71FCD906996C6A3379589333DB53E867278BD0FEDC6504A9AE4C
                                                                                                  SHA-512:AFEF330B0EB7AAD230265EB5B752502E2472B50B1A2957E629D3E090A505384D87486786C2D3AE4CFF277099FC43D794C6024C4D6080C53FA7A29511D0FF4326
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5447
                                                                                                  Entropy (8bit):4.706461728806631
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWRCCspEXP1hNgqjMbvpZOci9buA4KmFvZ:KtcGLCspEjNgqjwi9AKmFvZ
                                                                                                  MD5:6DF072421B299327247E0E4042BCDD19
                                                                                                  SHA1:49DD5B2A1E618FB66B97614D4B43E9AFADF5DE67
                                                                                                  SHA-256:E0DF7E7BD642AA535E7FFD5C1B3EA3A1E201C80B554749B05483ABE322E623FB
                                                                                                  SHA-512:2A75F81ACD054516F95395E1A738FB8CF33AE7A15C72AC73D4B0E0EAAE2DDBD1813FF7F000735C6BD7B886E926309251351F6FF2A19BA6E9761DABAA663FD6B0
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13079
                                                                                                  Entropy (8bit):4.3505082150816135
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGwslIqMINp8BschTZglH52QuxWYgdpChQ6sEz:RG3HQ35GlSbQ6r
                                                                                                  MD5:5893CD63CD0CF9808A8F0C08FF78B8D9
                                                                                                  SHA1:7C1E9C22AF12A79435210F8F3A878A3FACA8FFB2
                                                                                                  SHA-256:D00319C39C5D8ABA32D480E8A7543B7E9B2913951FE24037C5DC89EDF7F7B084
                                                                                                  SHA-512:A856BD9EBC448067C7607C8CD44F60BE4371832277A00D015BF908B4A4FECCC2F8424479BFB6165AE28DD2A169B54E93B5433C83D1702A8991BBD33BB0E1A7F9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6050
                                                                                                  Entropy (8bit):4.801017534733009
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCflj2CJgwO7dri4vmQGRbAAQjhD6rYL6Kj3T:KogUldGcQWHgwVSFGp0V6r81yJHU7
                                                                                                  MD5:2334B6238EACCB034D39A6AD6E1CD87C
                                                                                                  SHA1:9B9899BC33AC4A9ABF0DA87918DD5EC04E086B09
                                                                                                  SHA-256:F1EC6B3620B6EB0B3D435CE92607FC3E6A229716595938B5BA2E616B8FAD5BC8
                                                                                                  SHA-512:B44AE6DF699AF67FFD8667E639E65723F346E03BE6AADFD994B93471063B965D80B87F292804E82089623CD42BC7EA9707B356627936FE71AC314F5E27CEAD3F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8298
                                                                                                  Entropy (8bit):4.7170849721619685
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWLIUJAzsCGfYsgqjeSOOsTII0sRpzdz8oS15omcrp8otIkjXL:KtcG6IUgsC4HnjeSQTI618oq1MTD/
                                                                                                  MD5:884A006ADD8AB89428F89D6393A691FA
                                                                                                  SHA1:C9F0C601EF010D7381A876B976114ECD282358A0
                                                                                                  SHA-256:1651BC9C0BCC321BFC1462D4DE6A51007DC933B159980646656E74B33CE239D7
                                                                                                  SHA-512:A34041F8BF35C3E9AB425AEC096C7D3F66FF0D77AF211464E850FFEA6EBBDDB809C0ADDB73001E19C263EC9661EF7D5C3AC3B494ECDBC70E2F88A2B840130A54
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):33193
                                                                                                  Entropy (8bit):4.2929858506797425
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:RGX+HVCDtXjiS0NAizKBwH5JwGJBZJI0UIHLfnNJyXyTHwL5sP:RGX+uYt+L+LTw0
                                                                                                  MD5:CBF541940BB4350BC41AF5BCD8513851
                                                                                                  SHA1:F8EA2B84128249DFE93043C29EA54AA8CA76D732
                                                                                                  SHA-256:48FB1E24F78D3631F75423929537A3CCEBCE92A5E551E7C0A01249B99A15AE7B
                                                                                                  SHA-512:EE4E12C2A580618D711DFF6C9EBC4936DE0065A091C2FEF886E7DBE0A64DE94F950A058862C09F5BA80D69638A1B8C01BDF8EA62F189E8FB0076EB102A775E43
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3841
                                                                                                  Entropy (8bit):4.861457775013162
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nKg9T+L0Dk1akEkg+kyk6kbk1WMue:KogUldGcQW4jKlF+7DQ3ue
                                                                                                  MD5:E93DF9572C77F934688CB8B498820DD8
                                                                                                  SHA1:CC7F75E4FC6C83F4922CE71708D1A8A1445E0BD7
                                                                                                  SHA-256:F4EA2C35462F76B142231DC83B536B1F93F030379BE115BAA131934CAB4D8021
                                                                                                  SHA-512:7436FE36D939A9864AA5C9A7604B281202CE51E149E4556D25030B9AEA73A3B145F81BFD3CC451A3FBF522708B1CA2EFC90E1B5B782B9E66C77F7C5042F439FC
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5714
                                                                                                  Entropy (8bit):4.958893492664727
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWa2gOIZIk5Dfp/zHHAH9/581tht7UgrO4WSClyx8czs9n/OIvR+:KtcGhnlgH9581t7UgXWSClyxW9/T5+
                                                                                                  MD5:8EF9D96911E8B0AE9E2562662A516405
                                                                                                  SHA1:2E98D524FB217A7A9E2FA97EBE1EEA6A2DC013A8
                                                                                                  SHA-256:71E7B220AF9B62B2EBCAEE5B93D435C5A33BC6848CF29F785BCE082858C100AB
                                                                                                  SHA-512:D9E2F57512ED2134ECFA8EAF4B6B5128546C15B099DB1480235853364EDB90E6A4B63BD3620535B94AA927B8B6009772C60A75672A30375B55C0897C8D38E701
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3384
                                                                                                  Entropy (8bit):3.518594661666257
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:JrriQYeEbazfNXFYiaVONj303w3ppQ3xz//:Jrr9BEbazwiaVONraw3Wd//
                                                                                                  MD5:3CF090913D6DA3274AD7A07D6110F87A
                                                                                                  SHA1:EDBC53363F1981D64B636E2D2EF4B7B214FECE87
                                                                                                  SHA-256:6CAE580C1EBD3370AEE62D3FA0DE5C848DC45D7B881437741E9436CA7BA4CDF4
                                                                                                  SHA-512:937A31692A16F7953F4022F4FCB4C3D187B3A02F42C00517C182F3CB12609A8E250BCFE91E68C20F5BA77B048FCFF4D595B25F91DBE2FA71202FEABBF19053E1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9417
                                                                                                  Entropy (8bit):4.628359677996762
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGzp/zjz+D0MUSYbV9fklFtgY0skwhmiWWJ5nU1yZcyc1TJh1fGTr:RGas7T+UACztKr
                                                                                                  MD5:7C237BFF401C547DC20DEFD84CD178B8
                                                                                                  SHA1:35827C05C85DA283060D76F9F6531C3F418F574A
                                                                                                  SHA-256:975BBC80DA2F1BD057F0FEBC8F4F2F4CBA730875F24F1DD1AB19AB9C1424144C
                                                                                                  SHA-512:A60B8AB4C343B2F07DB426F6BB2085EF2D3CD5DFFDD35F6A6A7F25FCFC885B823B517FB32C841DB1ACE819EC245955ACE286D22F5BAA0FB338664BE332161830
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4611
                                                                                                  Entropy (8bit):4.990010731789747
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWL9DiQOOWOaphP1+JIShNUtvme:KtcG8DIOWOQ9EeVV
                                                                                                  MD5:B6B8F57D8DB0F00AA169DCEAFF7496E2
                                                                                                  SHA1:9CBFC0A49DF3BF1B5D0FA4F19C085702A4730096
                                                                                                  SHA-256:EABC8322BE26364621ABB055C8FC60567496F03283CCB29DF52282E5A9FC1CB2
                                                                                                  SHA-512:70F59759BEF5C357B80D60CD0B0276A7E2168B939549B71EACC4A092EF20FA22FB957A1B248E5662D5E5324437D1F1B1AFF12D734D40BF503DC672094824154F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3391
                                                                                                  Entropy (8bit):4.835501223694417
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nUWBNFGjVjojFvJ6/Jh5jAMtXpiB4oCvhoJ:KogUldGcQW2BN4lkFxSjXgSe
                                                                                                  MD5:C44B244C04F74D3A6AB99849BB974985
                                                                                                  SHA1:342741FE993B9E723CCA3B4FE4BA8D5C7352164D
                                                                                                  SHA-256:AE60C761D16DF1CFC3308DF1D600D5AED403B95377B56B870A5B08AF9FEE476A
                                                                                                  SHA-512:AAD4EA8CC67B8F7559AEFA98930F60940B386094E6FFC879D01D02E2B9E3800E149661AEC72B513584C2C87A6860D5C909C7F86BD699004706B6E24F5FEA1727
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3383
                                                                                                  Entropy (8bit):4.814159570683156
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCAwomc8c3TiTCo6nPJo:KogUldGcQW6wom9kiTYO
                                                                                                  MD5:B48053C0E232FDE426DAF51151B93DA9
                                                                                                  SHA1:B981463D498E35D158630C2CF5DEF039F3D12621
                                                                                                  SHA-256:46B63D90FF343644506D788C6EEEB99956F55A6CBE297DDD998FC7438196B968
                                                                                                  SHA-512:6E7E9BBB3D4C5B4AC10BD188DCC9463E1A60A3617DED2DB0C808A68464C63F1A63B62EBF94BFB3BAC60DE58C55F3D903D3EF672E95A4769CA670F597FF94FF4A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5989
                                                                                                  Entropy (8bit):4.636882423408465
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWa40S3uK3eVoqtWo+DPLrHQLhFAP06iM1p8:KtcGBbF2MWT3HADAdiM1G
                                                                                                  MD5:F65418D60C05CF3322ABAFC6FA1412CF
                                                                                                  SHA1:E87102845BAF8FFC20C44C9F34CA2A5DA2E61735
                                                                                                  SHA-256:076E471444B7A512D0D19F39B6DC836F7A50D5049059CB26A0AECCCCDEF55439
                                                                                                  SHA-512:917BEE82351C03538A9AFC47C259FF84A3D93FC0114FE9002A62B65EB7ACAD1ABE50713D656231B65273114BAE5359C311CCC0894E0A1DC5C8824FEBE0F73E06
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9830
                                                                                                  Entropy (8bit):4.542740073103384
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcG4zlGrTY9cNJGBRNaTiN/spNYZ4N1/WbMXyJA/M:RG4xxmPcu/byB
                                                                                                  MD5:AEDFA8AE1834BDAE1D4CF32BA070FFBF
                                                                                                  SHA1:07C477570F131A70D1543C9E1D512B698BB05308
                                                                                                  SHA-256:545DE8F164CA5F49EA73F7A08305FB12806BC7B2654FDD9B0B14C275BF743CF5
                                                                                                  SHA-512:3FE310861519DA2C322F89B5D8C0B9A30F3FB52CB078506B156B9556E93B94CC89707BE6CC9393D6542D51971AD8D46E9B64980F6A72738FFDA168529E1D54C3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2653
                                                                                                  Entropy (8bit):4.881994442458163
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+umv3:KogUldGcQWdm3
                                                                                                  MD5:CDD54D4C1D7F711CCF612B229D1745A4
                                                                                                  SHA1:CE9ADDD7481FDE32A7357F63DCE50A2146CC9E0E
                                                                                                  SHA-256:A4C6F0904FE3A42898A4A6B662491075AE5D10A820172058BF88CD156C733B2C
                                                                                                  SHA-512:25DCA3A22B5C88CC03F4B596A35B6805BE4AA2F6628FEE8670C9FDC8601A826AC69A23080E8CCD3F2969AA9E1AFDFD6BE5D9FE7F0F492B5192A1E9C5F92E45EE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2931
                                                                                                  Entropy (8bit):4.824223917837498
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCz5bMHq8PtBi:KogUldGcQWx0Xfi
                                                                                                  MD5:2FEC5D0A5B310A979807837BFA9DDF3D
                                                                                                  SHA1:7CED0A6AD47D373E5C78EE0B4B011716AD1069A7
                                                                                                  SHA-256:F37EE6C81A402309CC49EB69A9500A41E79B4660EB8D8655E31D2EE6557143CE
                                                                                                  SHA-512:16EF0B25088BCF3D80EE2EDFA2688C5F9906D1708FFD8401B258AE70D9DC16235C76C664053FD2A8E334F0477038B991EEFDA0D580B43E244988D30D832301D3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11186
                                                                                                  Entropy (8bit):4.547609129759251
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGyRxuSaHzzC/wft/dVoyTc7MgCSdVD0Czs4Yn3GgTf:RGyRI/3o+S1P0Cze3GIf
                                                                                                  MD5:F6C3C649EF339F45202B8D39A6E526CF
                                                                                                  SHA1:F8531CCF789D115E0F59BA075B8FAE8FF64DCD51
                                                                                                  SHA-256:CD10E23812C99EB63FC34C226A8FA739AE4D2AD751BBC372DE37FE1D8EE553CB
                                                                                                  SHA-512:3D0BC8C9B646A935E4D08C318A3A4001BE4F8F853A94D43C0F734D2CD37C7B53C19797B5F586D9177348CF7A9C462B2CD5DED579CEAEDBE4B8064FFE8311CADD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3156
                                                                                                  Entropy (8bit):4.80385659327207
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCdJUDLo1IzviEX41+SkDZ:KogUldGcQWTJUDLo1QviCic
                                                                                                  MD5:E23BE324C4489A0FC9ED575F105411AC
                                                                                                  SHA1:E9C0A5F4A8785F924D05460D42567482DF4ECB41
                                                                                                  SHA-256:C7EC54404C3168726BD8C84EDFCE0300139C4C8D0033DEDE6C75BDBF18330321
                                                                                                  SHA-512:E14C2BEBB472481710B13DA3B0FA41C8DF7552C2DA7ABE20EF5CF53F2426D9C6ABF9C395F1D6AC9ABCA48C76EA726EE117BE6E407611E2B87A0839BF911BF866
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2220
                                                                                                  Entropy (8bit):4.8311463753103085
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N739/tv:MLoO6E+iCshVKzlOWGf0hEVufy9l
                                                                                                  MD5:C5840D0329592D5E734826BA47CAC90A
                                                                                                  SHA1:1A5F1BBFE92A8CBF4A6CCE221A7BE6BA6C529222
                                                                                                  SHA-256:76E7F170FE157C78E7D802DC0798CAFD749B5B550D2A3FDEB2699FBC9C0B09AB
                                                                                                  SHA-512:F6079C21EC06A64C768B2E35622B320A825744E963531A7DED9DE5D5FD95E186ACF82CBA6202A602FD23594C5921A53EEA0CB2489A74995308F5689730B34F68
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4605
                                                                                                  Entropy (8bit):4.758962867009659
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9EAj9+9X1y5nTcmdftkZJmFLC5ZXiRS:KogUldGcQW1AB+96Tc6t0JNES
                                                                                                  MD5:A93883D509CFD30E02700670A6D534E8
                                                                                                  SHA1:B38B28A3A31DEA74C18F22EBD8CBCFDCA2958A9D
                                                                                                  SHA-256:AD226BFAF454E3FC1470DFDF487060BCC4CE87C6C1E04F9F41D3FEE2B163195E
                                                                                                  SHA-512:ABD2A03D4DDBC98DD15936992F57F4C291E2967B7DF3C27641612FA261AB326652732DBE4C462E898893920A9CB8E4FB5FA50C7963B2BA8F1A29F3776D2F9277
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9203
                                                                                                  Entropy (8bit):4.547491093106234
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQW3v8IarAvLnsR2TRk48jWtoSa2HLTGXTdYyDPX2GeXtfTDiOx:KtcGAv8IaanB8jWe1YqXj7XCXBPiOx
                                                                                                  MD5:37F19972A2D331B7A6F2F1ED209D800B
                                                                                                  SHA1:71A7EEED3BFB6E9CEFD63AF76CB17E879297393B
                                                                                                  SHA-256:0F5F51CFEE83E7BAB513F6AFF232958A54952D38D65FC6AB52D0A873BFEC8077
                                                                                                  SHA-512:64AC782CF07889337B277E3135237FED690AEBD950DF0596F0AC1E12CD79FB557F3D0986DFDF4CAA445D864630616D3A3EA01734CE88A1466D1085A019A97258
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9257
                                                                                                  Entropy (8bit):4.675180698058861
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGf7MaKztzp6B1T79nP0TfWwT5bFZCYEnmKTfQCT9JF:RGfYaKztzpMxPEfxBEmmfhd
                                                                                                  MD5:BA2E9040C82CD7D1D469AC2CF886B64B
                                                                                                  SHA1:FCD1B3B2B046E5F4BE358D10DB8AF5BDF2D56CD1
                                                                                                  SHA-256:C850EE4F3A7AE41834700939CD159845D9BAB2DD3C15A1FBF0B8ECB658342DA1
                                                                                                  SHA-512:E30E4D9044B3619773CEA1EF5B6C51AA049BDFBE2CB302A59AC1575EF795EE3ADC774506AE6DAC1E17FC4D88099E67AC5AB18E7722A420D09EF5FFECAEF94B42
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4873
                                                                                                  Entropy (8bit):4.746641702829244
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWits1hEAMoFMZvf6Zn4k7uxoV0:KtcGdbXvf6ZR7uxoV0
                                                                                                  MD5:C03EDAD44F38B6B0538360599C5762FD
                                                                                                  SHA1:10DDBD689723D9811E03891D980D382E3366B5B3
                                                                                                  SHA-256:3C335EBC60A60EBCEA3B2A468A341B2AF3935DF0AB88F108F517A6DDB1E4EE28
                                                                                                  SHA-512:9DE80F57D8E8B33964508E95CE9D6863A27E3013CC8CF5CBEF9F6C219BCEC2FB8072164D2B7D7B7AB4A7CB7B669F6CEB0099410CB8FFF6E0CECDD4EA1308BE34
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2361
                                                                                                  Entropy (8bit):4.882092902880487
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufyzDBTV1T1w:KogUldGcQWUDRw
                                                                                                  MD5:50B211F802E57ACA8AC9228EFC05D00F
                                                                                                  SHA1:28DFDEFC398241ACA453C5403716C8971BFAFBBB
                                                                                                  SHA-256:48180D35E367EFF46892D99E5BB05210F0930F87F1AB2EE12C9F642288E03836
                                                                                                  SHA-512:11342B69BCA766EFA30E8B496C50753FF52491B7AC81C5B1FC8EABF491FC16903A4634C7DD05618145B892D28A479B560C5459C9A72A357A50D68C5C81B0D87B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1224
                                                                                                  Entropy (8bit):2.750005367540721
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:sQt7sDDtc2RVkX0flUpZ3itKIcLw/WjyInIiSCg:sQt7sG+fl6liMtzj3PK
                                                                                                  MD5:9F80E2D3051600962B626AB5EF8AA1CE
                                                                                                  SHA1:1D626D50D547A97D3A7FEA4EA6CE2C9748CCDE14
                                                                                                  SHA-256:4BD6DD850BCD63023F08E7EC59D8A99BA784951918B4062D6D0F29F4ECCB4C0B
                                                                                                  SHA-512:714117B6E306CCB33A0857663FA608BC273CF4E948F402129293BD3C2FE932E3EBE02862200D7BD3809E9DD5A6CAEDC6B0DA3E005E99B90F44A630F0A934C3E4
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata)..................................................................._;..>XV.j+._.&.........................8...............................................@.......@.......@.......@.......@.......@.......@.......@.......@...................@.......(.......(...C...P...C...C...P...C...P...C... ...c...C...0...c...H... ...........8.......8...............(...................(.......A...............(.0.(.0.(.0....0....................P...............8.......8...............<...................>.......?.......@.....:....h.L.........:.z4.........`... ...........8.......8...............3...................5.......6.......7.......8.......9.....:....h.L................z0....h...............8.......@...............*...........................,.......-.............../.......0.....pL..............x0....................`................... ...H...p...................................................................c.u.r.r.e.n.t...........................p.o.p...........................p.u.s.h.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4863
                                                                                                  Entropy (8bit):4.434798897264616
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nZafoM1fI4B2+T/GnW+f4mf2+T/G5+uI433Fz:KogUldGcQWVI43k4+YI4nvC74Kvf6
                                                                                                  MD5:B077A08FF6441BCB06AD98DCFA410D3C
                                                                                                  SHA1:5229A1B8BFDEB3A0C7AFC2A104F24952D4622906
                                                                                                  SHA-256:A1B5C975825B453C5A80F2C4969955C7C0AF5A71ABCB63AAC9FC1AB27D7BAA00
                                                                                                  SHA-512:9E01B406542F54B64C061D1A915A26F8E4E878F58890B095C1505AC83553341A19437C1D178175EB5A3D54093756AC5C9609522AFA7AA559CB91BA0683442F62
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2266
                                                                                                  Entropy (8bit):4.853909747945728
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+Qgz:KogUldGcQWiz
                                                                                                  MD5:2A576BBA1CF11537E15C0200137B8201
                                                                                                  SHA1:FA18251A1ADC02EC230E80F7AA9796C5813B0742
                                                                                                  SHA-256:B18E9DE9FBD7B7CCA9AC08BAAD5216C695142CDFCC41B7CAF37D95CD48BC53AF
                                                                                                  SHA-512:B961390C8A91269BEFD5FF71367ECFBE10E5D7D745716F32E7A168BE51FBEFFC1C8AB79ED7C23F3D9BCF142B4C74B8625530CDE4EE87D781F8FF3FB4DBF443D1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3425
                                                                                                  Entropy (8bit):4.8544567803873955
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufyyU51hdC7m9WYW9ujOn7u3sT0IOBXybv5Urx:KogUldGcQWCy7mWnqVH
                                                                                                  MD5:4C1ADF18775AA9B85EA5E459596917AA
                                                                                                  SHA1:CF899FFF3DBFCD0603C72788A630930949C3D6C0
                                                                                                  SHA-256:E56F3BDCFD879C8693FAA9A279F059D93202CA17CA246D5D1A831CF00AF42080
                                                                                                  SHA-512:582820E357405A831947F0B5A1991EB49C65D280FF4AA2F11008F703E55156D6A38019C61CE6C1B815B716A89B6DD054BD5EBBD0ECA6DEA03EBF8375DFEE2D88
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12756
                                                                                                  Entropy (8bit):4.426522592087365
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGHOJLyyjiFX70aTrklQO6KaTYSY3E3XS/QoGmpGNlpP:RGPN70uy21UG0Gt
                                                                                                  MD5:38F5465E469F1713C883D1D7AE1B0929
                                                                                                  SHA1:6F2BCD3B11C9AE5D0A8BF3FDFCA854A022C6B555
                                                                                                  SHA-256:D7F4B886C50DD7EA6A54EEF48C34650E5ACAFE303B332044D3162BA1D8E96399
                                                                                                  SHA-512:F33BBF6278C21ABD4BA20AB3AFD6318CC6B5AC49BA06F49AFFCF077EDAA9462299249AC4DBE2C568EBA449FAF9EF084EF09FAB96D077A73184C363BAB389E2C5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4634
                                                                                                  Entropy (8bit):4.889581868279411
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufyBsa+HEMr8/AvWIzLoGIir7w/g5IY6XFdJ7vM/x:KogUldGcQWS1+FbQGDHj+Jvwx
                                                                                                  MD5:B2649334F094FB84301CE7B4707FC55F
                                                                                                  SHA1:5E098BD41BF4AA7061E078D25D462DCA67867489
                                                                                                  SHA-256:F989CC52662928AD96F2695C927AE7A9030716D2B8B32A3558DE48A71F368053
                                                                                                  SHA-512:7DC7E3553FBD4CD509DF29B7BEAF635320A0F014EA81B7A9732EE792F907126064D789A4C8529DE4AA893B2C764F26294F8B2B29EF93A6FEAC5B0C45401F8081
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7164
                                                                                                  Entropy (8bit):4.589750615977315
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQW+NDMfucOc96BB7EN3gkO6fGkbGVgiCU:KtcG7MGcOL7ggkONCU
                                                                                                  MD5:F7D17922E90FEAB842FD6E278A6BD853
                                                                                                  SHA1:D617BF6A5972CD510BB5E1C79F6D831A24B1EB91
                                                                                                  SHA-256:ED1935591C3F9A63A3F6123839CE3A8B8869D0350849583EDDB6F075FFF8928F
                                                                                                  SHA-512:F700C13E8857BCE965B2F9FF4035D9E4E97ABA821D5A71BD57D27C196386F26C18CED64F50AED726706F67048DBDBE8AC5D6C5E3700A13738FEC5BB1B2692008
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5192
                                                                                                  Entropy (8bit):4.686492495072203
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQW1SekN7ZGZDwn1qDnr7av7wKOUl04GhfOYj1H:KtcG28NQxgcDnCjwpb4MfOYj1H
                                                                                                  MD5:643BA5029A59F3E401A5DEFEA74299D2
                                                                                                  SHA1:B3117B595D3A428584F4C2CCD512AB7EB9C090B8
                                                                                                  SHA-256:5B7A9043C92CFCBC928579C1341524F034EAC837494FA420EDCA0498D50342F3
                                                                                                  SHA-512:6F2005F598D2EAF55CDC81DD7C56C0BA976DFC9312358892E97619BEF4979554C78C32BF93E9A8254A1E590E398D17440B88F59D1B465E8CD6EB600F245140E0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8229
                                                                                                  Entropy (8bit):4.711477100285126
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGMBMlXSJIMr4yCIPMDOhTBoSdAOZM+k+IFMgolRk+ysMzFM1:RGEr4m0DOHw+Q6DRqtz61
                                                                                                  MD5:8AAAB13E4EA785CDDA42AABAC77A957B
                                                                                                  SHA1:B130F63A5D72EAA05FAF08F2B1E8DF7A8B0479D0
                                                                                                  SHA-256:28C45A87F5CCEB7AC9DEFFD6910FB1E1563E0B2FA3E34913D3B6BD3B00C5FB89
                                                                                                  SHA-512:5E3891871B528D18A199759ABB1F9AD1B3A1FA382CC2EDD54F010E64C827BC7567C19DECA7EE51D15A23EFB3400FEA48C5BD6EC0E6DBE38189301D8837B202F4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2020
                                                                                                  Entropy (8bit):4.825477059078544
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfyyUNH:MLoO6E+iCshVKzlOWGf0hEVufyyU5
                                                                                                  MD5:5BE64BA656B8F7A0957290F889A5D88B
                                                                                                  SHA1:B3470BF3AF63162BCF67C9AAE70E28A60CFBC764
                                                                                                  SHA-256:8649D411DB1A6BD02AE63076A2FE2B1050BAF64ABACBA958930C3E52ECF1988F
                                                                                                  SHA-512:16C44A545A27ED81E7ABE679A3EB4EF4AFE51A43A846D30C99901F5416F4AA7AD925E2AA751B12D4010EB87E6282070A9F04B0500613022E16F793C45FE02994
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4615
                                                                                                  Entropy (8bit):4.792962273105971
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWPItn8Uqhc+B6oIv4Lw69CS1TGITr:KtcGIItn8UqZYoPwHS1TGITr
                                                                                                  MD5:7F1C253C812495BEB83825E770966804
                                                                                                  SHA1:000D0206442A313567180763C1E043CF43DFCC50
                                                                                                  SHA-256:7A136915B179CC75F952D1E57B622216AC884295E085AECC087D3923F5B5B0BA
                                                                                                  SHA-512:AE23CC99F14290431A54AA2719ED23BEB8A3B38C65CB16AB6283B3BC9BFB758B57AF01E354E680C15A5DEC2CB6C6A7489C636D6C4351316AADDC8836922AE2ED
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5059
                                                                                                  Entropy (8bit):4.915575384873494
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufyBsa+HEMG+xuKsO24XX5RZr7w/g5IY6XFJ3zNZZ:KogUldGcQWS1+vsO7/HjkzN/SCD/
                                                                                                  MD5:4A787B69613503A130A393BF4067FA58
                                                                                                  SHA1:680DAF095DFB6C1A5A20129C8DEC093AD95A89CA
                                                                                                  SHA-256:E8E098A622B41C091528F61C611FDBFEF52C9DC50C324C3591B2E86FB21384FC
                                                                                                  SHA-512:B42E175DC1FA94475DD6CEDAE113CD794AA269D58F8BD4F193C4128CCD62B38002A1DF9C50C1182AEF11DCD3B0066FDD300FFDA7FB29E4231F132F3083B9CB5F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1486
                                                                                                  Entropy (8bit):4.931489821141917
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:GrvV/3OPO+Nv3ASPJbNErXSaLpua0p5IWCIR5JkAUnA4H461yWIBlEvz:Grd4Nv3BPJbNEriaLpua0p66R5JJUASl
                                                                                                  MD5:20AB7D17BE48C20278D09CC12F7626E8
                                                                                                  SHA1:74CFB09A1A59EE6D4E603EA1760268D9D99635B7
                                                                                                  SHA-256:FA434686F6ABC72813F1285A2FE12DDCFF0F197ED719EF2B1557681DF739FFEC
                                                                                                  SHA-512:5AF68D6A6843E8E4B4C6D2CA2C30AAC571D68C6E82B56BFF74DC58C486B9AD27264E2C4CF80766124CBC61AF084992E787F6E50F1CA1095054B4EF5395CFDD9F
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Controls.Private..AbstractCheckable 1.0 AbstractCheckable.qml..CalendarHeaderModel 1.0 CalendarHeaderModel.qml..Control 1.0 Control.qml..CalendarUtils 1.0 CalendarUtils.js..FocusFrame 1.0 FocusFrame.qml..Margins 1.0 Margins.qml..BasicButton 1.0 BasicButton.qml..ScrollBar 1.0 ScrollBar.qml..ScrollViewHelper 1.0 ScrollViewHelper.qml..Style 1.0 Style.qml..MenuItemSubControls 1.0 MenuItemSubControls.qml..TabBar 1.0 TabBar.qml..StackViewSlideDelegate 1.0 StackViewSlideDelegate.qml..StyleHelpers 1.0 style.js..JSArray 1.0 StackView.js..TableViewSelection 1.0 TableViewSelection.qml..FastGlow 1.0 FastGlow.qml..SourceProxy 1.0 SourceProxy.qml..GroupBoxStyle 1.0 ../Styles/Base/GroupBoxStyle.qml..FocusFrameStyle 1.0 ../Styles/Base/FocusFrameStyle.qml..ToolButtonStyle 1.0 ../Styles/Base/ToolButtonStyle.qml..MenuContentItem 1.0 MenuContentItem.qml..MenuContentScroller 1.0 MenuContentScroller.qml..ColumnMenuContent 1.0 ColumnMenuContent.qml..ContentItem 1.0 ContentItem.qml..HoverButton
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2540
                                                                                                  Entropy (8bit):4.967394572082259
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufyFTUWsHLgKqs5Xejg+o4k51I5d:KogUldGcQWaToTaKsn
                                                                                                  MD5:42B5203954B0E4D9EFC477B558D3C8FD
                                                                                                  SHA1:5D8142C39D0960F4E6B58ADC62FFF561AEAF70F9
                                                                                                  SHA-256:E337C73325AE18763172A328B819B036E6F42C412A77454731B14AC5F05A1E3D
                                                                                                  SHA-512:D3C1E8B50D7993B180355279E6414AEBA61C4217656B56C9F89AD983F8B4770C4F776ED446BBCFD977EE0A8E5F6A69D0034B6B1FE79568B3D0CC5125C90168B5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1976
                                                                                                  Entropy (8bit):2.820679200645265
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:7x3sRHzsgwD6oPrhgJ4NIvguvXzN+KMq4s:9cRHCvrdSgoDXMs
                                                                                                  MD5:80F232BCAAC7F002E70C78857751B4B1
                                                                                                  SHA1:CDADE6F84F269A98EB324404CB9C92064B679386
                                                                                                  SHA-256:555FDB6A54C6A7A3138A60624D8086636F598188F932E77DAB9CA86D7A74CB2A
                                                                                                  SHA-512:7D9E2C82932A53050BD65C40BD2D6624BABF65F9BDEC82642337E7E27EC2C287044F04241FBFC6CC49474CB4B9B9B3170F627DC40E3A2B0B1E7D904DE3BF84E9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5692
                                                                                                  Entropy (8bit):4.738243897802114
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWWRmW0U4U92YDF1DqkWtZH3WKzMff2sKpJW2yugqN:KtcGb0U41AFdqFFWrsgqN
                                                                                                  MD5:1C2CBE26335E931645073DEBD61D9DB9
                                                                                                  SHA1:31538AACA44E1E1ABB2E79897B5B5E6064142618
                                                                                                  SHA-256:4F35BC6258A283B250AC45BEFA9C6D69C49EAF4805D24AA987DE6F84A4D73E91
                                                                                                  SHA-512:CE95B37DA7DD8C76C226D6691D2A43FD2F1B21873C5FFF3E69857A608EEF4ECA6D56948C34E9F6A7B6CC289FACD12DEBEF602C1AA57697619D0FED94B9B70F49
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3653
                                                                                                  Entropy (8bit):4.812422684711833
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+2S1+B+bnnpRU0qiAVXGYqFgZ:KogUldGcQW5EdnDU0qio2XFgZ
                                                                                                  MD5:1DDD77CF9A6DA009A4511D17632747FE
                                                                                                  SHA1:FCADCAD31CC89DC9796267F0494A259F3F9857BF
                                                                                                  SHA-256:69751BF1401CD0275F1269A3FF1245E94C9AB6094B51442E84A0761742D12724
                                                                                                  SHA-512:EB9649EEADF38F04E96E7D0E1190A4449E9CB32F245CA190689641072EA5327C7603D482C8B40C845D4017619F3E34490B1FEDC9E96E0C8DC3A8ABC9A072FF61
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):14604
                                                                                                  Entropy (8bit):4.5894561555109235
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGyKQr880auOa7pNgj4UTmaTq8HBdY9tZ0uhlLt/2YfU:RG9oupCj4km2qIqPlLt/2n
                                                                                                  MD5:14139C1D76D6FDC43BC9CE0626FD75E4
                                                                                                  SHA1:5C9850B3CCBEB8BF0C0EC8C2AE8AE6CC117D33CF
                                                                                                  SHA-256:5085D56222BC970808FECA1CA1634B095C2C6CCD6691F693C1EBAD2AB7EE030C
                                                                                                  SHA-512:CE2680818E338F2E1188E50BB22320C666575DCE39B363830E558DB13EABBC8F46859821C2BFC7F6462EF6CAA187C947BC440072FDB32F4BB6B6843BD24E7824
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12350
                                                                                                  Entropy (8bit):4.692219470832445
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGqTQlTeEDUlMQ/68WVy4yub3soZhIr/TozrTNVugO:RGWQbOQjconInx
                                                                                                  MD5:364F1C55898244523A4CFC7A5A47E28D
                                                                                                  SHA1:00BE015B1A64880302134B2F852A63D8803CB0A6
                                                                                                  SHA-256:3D8119887B0309D80DD4940BD8A70D1D21561EC0DB1C8AA09F3C295889C7F825
                                                                                                  SHA-512:9EDEA941D5DEB32ACE2149D4DBC342AB6AD95D04A01D4D4BA3C223ECDEAFFCD2917CA6F7ED209EE55D3150E9CE30B84D1CCE0CC5CF369BC0338D23906D2FA19F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13281
                                                                                                  Entropy (8bit):4.736074961181643
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWUmDva2s68LsBaPsBaSDYacjm2cjmnMSnjz25tik/8NPIHZulFJfLjr:KtcGuSs6S3HCmhmnKcQIP+mZKFASRMJL
                                                                                                  MD5:AFEC2D213C2C7C3A6B84B499A5CA2FB9
                                                                                                  SHA1:DBC8ABED5CCE2D94519C8AA29C7CFA74D5D5A0E4
                                                                                                  SHA-256:61A59126588ED9D0A2AB0B769D618D6E346861DA8E955624BE3809524E81117F
                                                                                                  SHA-512:0BE1CC72A36954B72ED2D46663807F3936A5C45D2968662B4F8CE7652569797C08C25C36F50E88040361169BC609E3EBC1116EF802113F7341D3DEA095BABFBD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):25742
                                                                                                  Entropy (8bit):4.445756629003457
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:RGhwQLn6eY4Hx6IG+h4gaZAhaWQ0DbhbhdbfFLnLMg:RGWQLnbY4Hx6IG+h4qwWFPb4g
                                                                                                  MD5:0A46072C68E120C0E63205F062D93D43
                                                                                                  SHA1:115B66F2445640F54AADE7B9093878B36AF01940
                                                                                                  SHA-256:B500378FA65BE77A0F08FE26B771789D902591B0E46908B43B7AAAC80CE91788
                                                                                                  SHA-512:752AF4B2438DD3B711739A7AF7A7CB922A6E072CF3385087B9BDF7F9CCDB7F8D74333B8C5ACE4E0B92542488977FAB90ABB60138540B3FCA30BB7AFCD5884F99
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):43458
                                                                                                  Entropy (8bit):4.500096685351172
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:RGL8UhiLrV6Zgk+bXhhfotIELfOYmcOklcCDmK51ZlShKoXL552LPvL0rZUawrez:RGLnMFk+bXLfpEBmK7Z8prZUawFSnv
                                                                                                  MD5:D8F78DED9D75F939807CD0219DCD15EC
                                                                                                  SHA1:AE9A0A606FC415E2CB4C330CB7912578C30C8021
                                                                                                  SHA-256:57151175AAC70463274ABCCBCF3E57E08BD4CC6E7C4BD96E3646D03D7C50766E
                                                                                                  SHA-512:502639C3352AF3038F68E6E2DFD81027CCA3610DDD69E75A7D08AFCD023F867C09786CCED13207B24555D10204B7DB27F411A5713844FE68C96138D791307A9B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3701
                                                                                                  Entropy (8bit):4.770409858757474
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9dpBWeHQEJn1ULlMybLv:KogUldGcQWWW7EXJyv
                                                                                                  MD5:74F5F0AFB5AD03CEE193AB7E63D8B0BB
                                                                                                  SHA1:F0A2C5F9D0BE87760E13C6B0C2460F00731B482F
                                                                                                  SHA-256:6935F441CC0FABE51F102F47495F61ADCED2A31C588A9C1C6D03620C940A0B3F
                                                                                                  SHA-512:E1BDF0F9371AC2C88A9BA9EB521BE892D1F2B2A957F12710261C64B7E827906E597094ABFE06421BF2967725313123842A88A0F055C95C53AFEB8DED8D0A8480
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2535
                                                                                                  Entropy (8bit):4.789416818924003
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy93ZNJGJLB9:KogUldGcQWfNH
                                                                                                  MD5:51D8B8E0D66D80736E6B6A0753BABC82
                                                                                                  SHA1:5BF685996E4DF8BDD9362047EBC9FCEA7ABAD68B
                                                                                                  SHA-256:14E65632333ED9FE15D87E138122E76CB942D5E4E0F58776EBA26CDB73953E06
                                                                                                  SHA-512:85DFF4D5367C4DFE0CA6969C8C0071B9550505FB813AAEAACD432E2B14F99D733962CC7E2F04F4C1C3870870F193EAED6ABCF826F3E3B4F1056A82D9163E7F45
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6358
                                                                                                  Entropy (8bit):4.63207579935174
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWdVBuWr3myXxjNcrt/k+2Ed9+f2TqUxr6+LnfMmunh+w:KtcGYhr3miNcryg0MHgX+w
                                                                                                  MD5:6299E07B7905A742CCC2894C4788E9CE
                                                                                                  SHA1:BB9EF4D0BD655ED6B1F93C9973B66FD6C6D3D08B
                                                                                                  SHA-256:A4200159ADA2879FF39D94ADA52C64E5D910DC7B3753438E8F9304BD3DD71A2B
                                                                                                  SHA-512:640C6579DA6DD05E1ED899E07A8E8694A761254C6EBC398E04328B4A38445EE03E315F148311DB27E791C4A7EDB268FF3D91793EC43EA548893CA63809DA97B3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5195
                                                                                                  Entropy (8bit):4.666594294196223
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWCS3sdszCOf/6VtUjMlljMaH0vJ5jMaH0vGVjMaH0vA:KtcGRS3sdsGx6j6jP07jP0uVjP0I
                                                                                                  MD5:DE60DA37658B3737154C69D264F2A414
                                                                                                  SHA1:A3E96470B5F9F179F7086009E6EAC4F0DBD15BB0
                                                                                                  SHA-256:5A667DA03B77D4EF01D9A9BF9DCA168645E102B1147678741892B8E785EA6C54
                                                                                                  SHA-512:5C5C807F5800E29A8DDD9BE4C29C852DA1DCAB0FA313C107444F15A0B25927A622CCD952646D3D08230ECD699888FAE5AFE4146ABB4FA4ED3C811661775EF099
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6586
                                                                                                  Entropy (8bit):4.829492368514061
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWOsSehCnFssypmbzCjaq418gbQC:KtcG+OywmO9
                                                                                                  MD5:9A43A9C39DD8DC02F2706DC47397CFEF
                                                                                                  SHA1:DC9243A378F713EC44D95237DA4AB6F2EC69034C
                                                                                                  SHA-256:D02446470BA5CD51E390EE1B6F78080942B09974AD089088975795B55CE59DCF
                                                                                                  SHA-512:B60B7EBB41170948606C009CDB41B69C16A74E019FE8FA454B687284CAFC43548C9CE603D2C64BFABBEA536310137D4D4EB620EEF0D0481568698334402B1731
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4455
                                                                                                  Entropy (8bit):4.65121218543489
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+rSotC1acVZ3GthgOrwcax09uW/oXjtfZO:KogUldGcQWwScMcQOr3aSboTt4
                                                                                                  MD5:8CF3BDEB2ACB695085D110A67EF7979C
                                                                                                  SHA1:DCBCEAAE55E3D35C5B12828801796ECE274EE773
                                                                                                  SHA-256:88CC52B50EC90FB8DB6DD1CBA81992F329DDF4E2E2438742B6F68C7EE5EEF803
                                                                                                  SHA-512:8931D41A58DA4496D95F3FCA73D8F9A3BB48B62F89FC0727E60D4AFE863027EF34605A8DAAD594E4A2EFD238B9A908ABB7CE57A967AA71115BB318DEB15BEDA3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6821
                                                                                                  Entropy (8bit):4.653671475027472
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWl/SrB6D/0ka6G5MXv4+WENtyPqd9+DsSAT/l:KtcGMSrY/0p50GEiSd9+Dsbp
                                                                                                  MD5:C19019451C36D69BCEA15735A5C6E0C3
                                                                                                  SHA1:408F85FA900909FCD74F4487FDFF7E5F731D8496
                                                                                                  SHA-256:E3C05BF3247AE047991D05BD87C9FD8FD282BFA65371E8A36DDF3DEAB5C97FDE
                                                                                                  SHA-512:157FEE38A3E9A32B29347F6CEA19438526A527918BB2CBA7AD3F1AE1FAB07F24059D0B22F80A5131563114008609B510345F63FC50D8235E6096B83183682CEF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30093
                                                                                                  Entropy (8bit):4.072348356345042
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:RGfLbfssWu9Vbt7xE9pZyj79vSEWO8l0bdAF1KQF3ZW:RGzVVpxE9pZAxVh
                                                                                                  MD5:D23B1165EAD1E7BA0C3E9B029FC9E821
                                                                                                  SHA1:7198E9B32A96C1A51E9A9B4E926EF6A967329CC5
                                                                                                  SHA-256:F36EC8A4ED40596A341E7017FBF13635091E8FA8AC8F509721706A9DC47162D2
                                                                                                  SHA-512:F7C8872C9B34E8FE04678C57D79C026EC6FE4E83FD44BC0CEF950D5DB960DC4AFACA4AE95D2D233FC2C887E594CF349BB3E1B0971191D22EBB550F02DC183C47
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7275
                                                                                                  Entropy (8bit):4.597937185580846
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWa/SubfmjxiSPM/S7n2iCZJ/49+DYAd/Beg:KtcGVSwBBSr2iK49+DxDeg
                                                                                                  MD5:DAE47DA5A7E22AA82B3E22F17A99F0CC
                                                                                                  SHA1:90C208B5A84BC44C2D9DDF09FF8A6803F0650368
                                                                                                  SHA-256:4CAFEE3390640EBDBC9BFC21BBD55D63905B5C293237EE0B5FCD2596D875A4AE
                                                                                                  SHA-512:F61F1FB74F306A47F05048A78ADFBB67B27C69F15D8CE8CA8324F4248AEAF1B41783F46A06182DD129AEEFFB74190745751FA6BDAA2A7AEA76C31F12AC15824A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3387
                                                                                                  Entropy (8bit):4.843527940418129
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLBO6E+iCshVKzlOWGf0hEVufy9nGxGlDSbNajeItbiHoWd:KBgUldGcQWxbNieIwHR
                                                                                                  MD5:8717284E7E0792578D0C07FDA27CBF23
                                                                                                  SHA1:233513A280E3C66FFE5DFDD69ED4107B4C21E9ED
                                                                                                  SHA-256:C230F37E94B347033B9B1D230D81D2DB5F489B68DB7E776185FD6FF1569758AE
                                                                                                  SHA-512:9A59DC02A2109DB9733A26A4E0172D81E35DBD7A0B6E904309671CCC603A65D6AEFD65BC799B3E9D6F6B777922E52CBA14777CA800A6D38402E7FA77CE8A5CC7
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Extras module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in th
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:LaTeX document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18599
                                                                                                  Entropy (8bit):4.600615740536773
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KicG3STU3ybV3l9xvd3Es2BZD9PU+s2BZD9WmzKIOQMdLhI3sqfZT3pMm7pS0jKL:4GiOybV3pvGTtiQfOlZucMl3ykFM
                                                                                                  MD5:1E92C54FA7DF591A934D8CC08B4CFBDC
                                                                                                  SHA1:DC59038010B9F618EEDB763B92E84DCE498E956C
                                                                                                  SHA-256:5DDD459D0E56F42672CA239B5EDD9650AB442B5F9D62105BDA19790B22088209
                                                                                                  SHA-512:FF0ABFC326137546EC76E4C80068B4C9658941FFDC7A2FEEFFDA717D15F787D148B28A8CD1BE56585DCE4D11736DC6CB7F01ED4246158FFE0238655841963095
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13701
                                                                                                  Entropy (8bit):4.405540423788938
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12375
                                                                                                  Entropy (8bit):4.601679376476698
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2688
                                                                                                  Entropy (8bit):4.94846948198866
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7477
                                                                                                  Entropy (8bit):4.457964454713401
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13309
                                                                                                  Entropy (8bit):4.641284565398556
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2195
                                                                                                  Entropy (8bit):4.860641581432451
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):22836
                                                                                                  Entropy (8bit):4.299447926284382
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4956
                                                                                                  Entropy (8bit):4.6040064729782575
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2849
                                                                                                  Entropy (8bit):4.799975439686825
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3955
                                                                                                  Entropy (8bit):4.902843047893749
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5266
                                                                                                  Entropy (8bit):4.7800368857594115
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):19028
                                                                                                  Entropy (8bit):4.517836433157375
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:RG3wzT7/U9hj3mJx81JDleATgJxKmgGTuNBb6v:RGgzT7/U9hjjeAEJxJ
                                                                                                  MD5:FFAAC9E0AA74D8288693E93C3D535183
                                                                                                  SHA1:0D8F124B31CC2CD66B769A0B462C3C95D7F6E7C3
                                                                                                  SHA-256:89F8F0FC50908E19EC2ECFD39AC53663E95488812E8B05966184E25B1139DF11
                                                                                                  SHA-512:B269B9F9B6143835A6F2A8B36C3560C545C8AAD6933792714765EB9ACFC38A2240ED660832338613F836B5B7A27814B0839BAD433D6259E0D6030C56EB3DE06B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13619
                                                                                                  Entropy (8bit):4.526104451067634
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KicGPST7AttX6JwMo4n2j6CMFnA0HxogPyXccLZV1TSSEZE2qdBQBKk3ThdR:4G6HxfVRJWX1TSSEZEpBQBKc
                                                                                                  MD5:4331645D90F0E38D2486BB5B2C1E402C
                                                                                                  SHA1:BD5548BF8894E5BD20253A691E756A4702CAB0C1
                                                                                                  SHA-256:2E181DDA4E3BE6B21B5141C7B235E93FB25EAA54D21FB3038BBF861C9B445306
                                                                                                  SHA-512:D1337FB0148808E24FF0BC9AEADDAC4837428DB896830A7092078B128B5968DE59E4CB7244AC28632F63540FCA821872F526B23CBC778624DABAB81B6E981346
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Extras module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in th
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9671
                                                                                                  Entropy (8bit):4.398147008349299
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGfSf6PYKu6KmdxGjeSunJPqvGeOuJ41jHkPx:RGKygzinJPex
                                                                                                  MD5:C29EDE2738CBEB5AFCF438CCB0AC5D0A
                                                                                                  SHA1:D71DEB3F6FB577FABCA903C22EDEFCE9082EB284
                                                                                                  SHA-256:D3FAAFA6630BCD03E81DDE2D87486CBCD0C4A5B20785C74342F37E002B65A2AF
                                                                                                  SHA-512:8D6E88B5B1AAFA8558C17E365F95C51C0E063D6DEE1ED12BC864B3AC5D370F4AFAC71A20F16751AAF130C991D57F9295B567AD7618FE87FAA7C3EF57202374F9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6421
                                                                                                  Entropy (8bit):4.608996006455668
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWW/SYUpuj3wPSmnEJqZJ/49kGAd/dR:KtcG9SBE8xnEJy49knrR
                                                                                                  MD5:D03303AF79AE603CFBE6876482F053A8
                                                                                                  SHA1:C8F44F484B05C75B8D081B89BEA1703BC9713E99
                                                                                                  SHA-256:A5A0081052F3AE4C8D97472CA1AD6AD67E8C4A05758143CB18CA8E99114DFBAA
                                                                                                  SHA-512:BDCED49DFE5E8F6C9DD00C432EEB5643C81352ADD3698D683AC9AB2440C4942941DFAA253BFB9C492A4B8BBD7E5D9C5A75A046B88931552218565AF0E4D154C1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17548
                                                                                                  Entropy (8bit):4.574607698856005
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGfSi2rZovoKAZCv8pbLGoTR9uDHmnuwPxmEaTjQe0RJ6jGHE:RGKVUlAZs8pJR9uDHi14TjQHRZE
                                                                                                  MD5:96833FE6D42FC67244982F05C244788B
                                                                                                  SHA1:0469818E36FEF3B4F009E7AA79A3BFC183817B35
                                                                                                  SHA-256:8E89154CBF7946D7655149B7F6AED77528C95A88F3F7677C2D1579DF9A3DBDF8
                                                                                                  SHA-512:F5D2A22D5621DB4E7DE9CA005801A16507C8271568F8F9950B04E76CF48BDB159854854071E05FB727BB96ADD1D927C6290C7E8C7107516A872F58F0315282ED
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9011
                                                                                                  Entropy (8bit):4.524730875753044
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWw/S1DvNkmF0vPwkGO+YCd19MznVXwznoaHFl4a3PkaCAc0rJ15o:KtcGpS17qPwJTd19inV8n3L52
                                                                                                  MD5:683EF25C8A8FAE7C5C6ED4E90F6638AD
                                                                                                  SHA1:8C81D572D01C9C7A9C7B1B871BE68576812F6447
                                                                                                  SHA-256:2A7D2BFC834A4A902EE60361A669355CDA0E401823F42137B83504F97BE0723D
                                                                                                  SHA-512:D334AEDEE899EEEC7AB63A837F71DB23C43A6FCAF0D768B71CC716BDAF9F3AFB8D81EF98CE037C77DC61B07CFE4F295DB1E3FA0257F79464C325FAC140C2602F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9683
                                                                                                  Entropy (8bit):4.650784716910415
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGAS9ZBKlV06nI8IgD7KCOCNoOCOCc4:RGD9qlVs
                                                                                                  MD5:0FD415924CB1244BAF277FE75A81795B
                                                                                                  SHA1:446E5BAAA1ACFF2D90397226741A8C49E4572B7D
                                                                                                  SHA-256:C92EA6D633E4B5CB1C2B547096D67AAB6476A9C7493ECA9773835A2FFA4E22F7
                                                                                                  SHA-512:2D55EAE74DF7E2A5C0FF73A0A94214F3AF139ADFE7D28B84CEB21C181CD51C53349C082E372048D58157AEE18ED653E5BCBBCD7735FEB4A604B309A0C334EBF0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3884
                                                                                                  Entropy (8bit):4.638852057422492
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+CSNvd4asGbViYjJ4:KogUldGcQWFSca3bpjJ4
                                                                                                  MD5:D7CED5BF6D92DE149E1784EFEA96EB89
                                                                                                  SHA1:C29645EACB257B526A17F921B4D19463AF3382B6
                                                                                                  SHA-256:E9C144D88DAB0D146F3B32023313BE166BF4FC73E589F4143F4417641789F3D7
                                                                                                  SHA-512:4F0D7F0B447CE10875D60C2EDADA25B9864F9F9F38005C66D45531822927B93FFC6447BFEA7BB3268DC748901F53D3496B39C004B1DFC8160614AAA4A5E2A14C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9088
                                                                                                  Entropy (8bit):4.501823834100412
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KBgUldGcQWVuSqw1Q8aDFxHfI781cOMKjhKhqfaLR9XpNqgqgH/mOVGOsDMqRZd5:KicG9ScHHf51cAhKhqcR9Xp+P1B
                                                                                                  MD5:10364A6BE9565F48A752A82424D221AA
                                                                                                  SHA1:D33E7D56A711AB8EC4F4776A948F5518F3F49A53
                                                                                                  SHA-256:50553CE68ADB869229ADE37DE56D3517947ECA4A2C0098A0F3F765329A66EB1A
                                                                                                  SHA-512:E6E278AFD9E9304693B341128B3E6B995438034D955CDBEBC039CA2FEBAEF4B1ED426E86E7878A0E1FA0F7210D91663E890F3F0D596A7CE5475C8ABE6139BE7D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6038
                                                                                                  Entropy (8bit):4.651338885566638
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQW6SU0ivWUa0fjra3HDT09IAY5ACDzZZ:KtcGjS0WoyiJCRZ
                                                                                                  MD5:FFB5F8291B67A3FC45CB766FB5401269
                                                                                                  SHA1:0EEFD1249ED80A0565635814FBFB856F02D8B73B
                                                                                                  SHA-256:56F01C435E5BD0B6ED7CFF22B68651AA2CAB6018956284E97220F6BA46C47333
                                                                                                  SHA-512:BD77FD4211FB1774369F7F209B0AC8CEE392B6F604CAE0B493C5505F24F3256B30BB6F2989388AC3B8C15DDDC9738A00378B758117DF4B915D69D631CC88EC55
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7770
                                                                                                  Entropy (8bit):4.62722489903996
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWHCSowyJ7pSQMBd+3X1yLv58TDjFLfoD:KtcGnSw5uCnQL2DJLf0
                                                                                                  MD5:D3E41A7DFE95B0183D16B0DDE4C29217
                                                                                                  SHA1:1E805515B389ED9DF462E58151DA0D2023E96464
                                                                                                  SHA-256:A5311934501B5029EE2BE2F6B75B00E8920EA05D0E96776FAE2308A5E955B200
                                                                                                  SHA-512:3FFCBB2087A9835BF3F9F7DD95EE4699E7BF7145E2F84EFB146A044144479B8A7545577C4A14623201EE9B7B43B23F5F37C6494EA6A2A265F0D3952485D371A1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2116
                                                                                                  Entropy (8bit):4.845502592991123
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9E9DsK2n:MLoO6E+iCshVKzlOWGf0hEVufy9E1sX
                                                                                                  MD5:C4442C528418356C4115FAC8F196E0E2
                                                                                                  SHA1:213BC47F6348B8D47672340BF7A510333667CA13
                                                                                                  SHA-256:8E717245351E3B2D37EBC2F86A21BE70DE1F23E400C4D87CE7F5FA5F7E15C9BB
                                                                                                  SHA-512:F4683A52E0CAA6F768AD89CB60515BEEDE6E9B3C82F4E2C9EB60AEFDB78117234016768EFAC93DE63D8004B4422616D20FC7DF1B5416EB171849531A8455311E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6192
                                                                                                  Entropy (8bit):4.708157783383541
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWESXxAygFMCOXyNoLyCOXyct:KtcGxSXxApOCOCNoOCOCct
                                                                                                  MD5:8C8C3A28F50309394B4688ACA4F59612
                                                                                                  SHA1:8B7F68738C1F942FE4B610054F4D57DE636AEA27
                                                                                                  SHA-256:F9D62727679FFB17D42739D59F0F5198C24650649C01CF0DC124EC413BD6BADC
                                                                                                  SHA-512:ACA39C177EED0F4E29AC2060973719DA681E1F345E969AAA0BBAD20B82929286C83584409FAADF5BCC75C857474DBF096CB981F380859E09E8CA297882455303
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8423
                                                                                                  Entropy (8bit):4.6776172765953845
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWM/SRYv8/SNU+gEClouvAH/ARII/jYlPbDPMCOXyNoLyCOXyct:KtcGXSg8KW+B7YRI0MdDkCOCNoOCOCct
                                                                                                  MD5:70657CB2AB96E3A4FCC0C1AC76F19C77
                                                                                                  SHA1:E777DE5D90103D2E607AC2B32F09347D28A49DDB
                                                                                                  SHA-256:ED6D8C14FCEFF917C6EEF857723B8085F444A456B95044A01DB65A9E0202C8BC
                                                                                                  SHA-512:1D3AAAE1EC01AFBC588E99C37CC4C7DCED8B68F2BBA3385A973BF2F9ECCEFF761E4898AEAEB00A0C6438746B88685C93FD56A144A182B558DEE2FB0EA5DF1F35
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10258
                                                                                                  Entropy (8bit):4.560115668765665
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KBgUldGcQW+S2VLSjsLnLG7+hNDMO+Q99Orr+MR4GmwN7Ghw2FNJ/6kDsSAT/l:KicGRS2Vgszi7Ih+Qmrr1EN56kDsbp
                                                                                                  MD5:6C045E9D4AD44B2868CFB552F60828BF
                                                                                                  SHA1:B8FF107C21CA58A23F3D849C625D269DF2646124
                                                                                                  SHA-256:49EC038431E24C713F223054DBE5A9D8D4106D785F5EE2D108B5FC7103C4C0C6
                                                                                                  SHA-512:6691A18B70C835A43B4B23095B31AF82BCCF0466F04A6B2FB6A3685A4E0F659AEDACFF53340B440500216640579B4DBBB566D28977655BA62387F23C2082CBE3
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Extras module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in th
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4448
                                                                                                  Entropy (8bit):4.635039369223241
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+SSVvj54cPQXJ5Vv2X4szt4fjFJZNnGeY4:KogUldGcQWlS0c+5/K4h24
                                                                                                  MD5:BE7A015302F2FD4F7A3851063C5C97A0
                                                                                                  SHA1:B412F4522F28BFCC30A59BC2283E773CBF64FDE5
                                                                                                  SHA-256:82D476FD3675E5F4AAF622EF0211835D859FBAD6E718FD5F100E9AC328EA4A0E
                                                                                                  SHA-512:46D3E7AE4B6BFDAD98B867615308801E590121AD78BA2DE5A2418439D9887E3075B5C24AE77C45A99BC6883B42A5979F26A24D082F65D1164391955F3100CD8B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4334
                                                                                                  Entropy (8bit):4.665613385293802
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+j+DIypJR9gXxXOXjQ7i1eipD+BrMX+sf:KogUldGcQWi+DIO4XxXujQO11+tMXTf
                                                                                                  MD5:E6F68E889EFF0EF731F480A5FDE7D338
                                                                                                  SHA1:8BE57E64A6B9F620E132B88E2CB363D94AAE3696
                                                                                                  SHA-256:195B734636F3B55789CC07BADA134D37AA256BE989D4BDE8E10456C598DEABF0
                                                                                                  SHA-512:D3F7DB5F8C64E07A2B764AD9BCDCAE6833B62F58ECAD81C88E9E2C413E4CF641EF3F334392972B8559CF0455154C1038AB21E267D25398510B297128093143AD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2813
                                                                                                  Entropy (8bit):4.866384722770099
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9EM+suBXZ8XOCNI:KogUldGcQWau
                                                                                                  MD5:B6069EF62D8936486E3C0C6892B302AD
                                                                                                  SHA1:84051674AAB7B3A78B09980148B6923737CD55F3
                                                                                                  SHA-256:838C9D6873D47CED64C308981E88265F2CF80F42540B94411B28C3A5EF930349
                                                                                                  SHA-512:FF30D8E3C85C7279D325D142CD16C445E21D97DA06BD9FEFA24A27675E6A5068AABC7F0953FB328994F2F0CA7E3466DC5DF274141166CAC544A3FAD010A30149
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12873
                                                                                                  Entropy (8bit):4.629428348660201
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KicG+pSto6U19Emc9W5gZddj3fQSiz1G6BrY4OY4Rwdr27rF:4GJeV1GWO/djhizI6BVOXg23F
                                                                                                  MD5:5EA000E9BF0E1CCCE4233B9BF5AC8916
                                                                                                  SHA1:811CC28DB468D3B5B5FFDE90E27EAE874B055372
                                                                                                  SHA-256:D23A90DB1D8B0DD7E49F7F83CF9C8BA510B2A14125A452F222F82068822457AF
                                                                                                  SHA-512:E79AE8E19F7C13E0FA744BE2E97A9C035A41244FEC17A915919544B5D193CA193831D4C0EC79F357A60B5F36A0E563F129CBD16B35313AC26BDDF839D7DA8CC4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 7 x 4, 8-bit gray+alpha, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):99
                                                                                                  Entropy (8bit):5.3926034695973195
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPly7tJXzRUyxlXsV7Xb+khWmj/mleup:6v/lhP8HUy8xPhLm8up
                                                                                                  MD5:9E26601B6D0263DDC931B562739789DA
                                                                                                  SHA1:CFA26B6B614F9434FE8CF4C332672F6A99F1E030
                                                                                                  SHA-256:0D0F06D0E93C8A2F28DA6838BB0BDC9B46DC79BBF0876DB9DB7DFD86B133CB9B
                                                                                                  SHA-512:198CF67FC584DB1953069D3BBAF7B5011B8C8A4766212DC22FD1F1C28BFE577102B53A31AA6BACC060FBD3D2719720CF61D67850975067E91DA2A09D956DF905
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 14 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):138
                                                                                                  Entropy (8bit):5.913104986410572
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlZLtsSp/uugkuXrn7hd94lVF3G3psqA/75dp:6v/lhPGSp/uPz7L9Ke3te75dp
                                                                                                  MD5:2A3FA1EC3B03ED9B5FCF208CFBCA80AA
                                                                                                  SHA1:44629674E7BEE50279125EA993A253FCE734B3C5
                                                                                                  SHA-256:B78BA36EF95DEBB02D5216BC9A2B92F6A9EA20AE90D3985EB44829A358894ADA
                                                                                                  SHA-512:995E7BF9BBE1FFEFE0FF8382AF49721C493D71E4CAA4551C3AE05D13C3C79C17EA10066683310A8C3CC68DBDF5F7775AAC58629CF17E98F250F9FA0DF74393A4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 4 x 7, 8-bit gray+alpha, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):98
                                                                                                  Entropy (8bit):5.206412870756318
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlJ4tJ6JYMsA98MCnAFttpTSQ0OoXB1p:6v/lhPst0JYMs0fpSOojp
                                                                                                  MD5:A2D915B434E9F0B76330C66CAC462E93
                                                                                                  SHA1:552A2047B07A7E4394A43ED34CAA1C4CF170809E
                                                                                                  SHA-256:E3EF46A5A48C488F2AF7E46440E28CBF292A8E640144DFCAF896682409994C1A
                                                                                                  SHA-512:825EAC978A84893C45F886EF947D4435DDAD7065C0783E9F6203C39DA27DA225DE64A61BABD550D40CA892D42B21CE79A8203D427B6E8B8DE5C7AB1374CB3E8D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 8 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):139
                                                                                                  Entropy (8bit):6.070522563629401
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlvfD4aFLzDCO6xdhMHo+cGaauHo28ydQeup:6v/lhPeaFLvC9R+cVTI28+Qdp
                                                                                                  MD5:34CFF14C6287AA225F809A2B394BE44E
                                                                                                  SHA1:7B5C7F8A2C484D118E958CD9D366CA95FFA01B6F
                                                                                                  SHA-256:C5C3D15C8CA417E66569FDFD69EDE83F6A9F338524E55C21FFD86F11880E4C8D
                                                                                                  SHA-512:05A19D498BFBA572CAC54048BA7F4C6CDE7D3FBFCD0EAE6BBD6C344A3AF56BE128DF7E06C95632C24752781708515ECA7C775D0EA9E705C700215B8B81A6C1FA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 4 x 7, 8-bit gray+alpha, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):99
                                                                                                  Entropy (8bit):5.230333101040782
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlJ4tJ6JYPBxldLmKXEUvsjlkojg1JU/1p:6v/lhPst0JYpdKKXEUZojg1Jcp
                                                                                                  MD5:1480A736DFBBA89EF423FB99829C8C30
                                                                                                  SHA1:58327CF559EEBB4F88B193090F5F7E528C0835AC
                                                                                                  SHA-256:ADA31CABDF339314064F905EB072A0895EC07232E8287A9A22BA82A34FADD378
                                                                                                  SHA-512:AB4AEB77294EC83484A4352D8D51BAF7A41ABFBE3C940F7BA9A04BC6114FDB6DF146FB5A40F1A47D903DFC46C5641A9FF09DE632CC2B6E950D82FE5A8DA6E3EE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 8 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):148
                                                                                                  Entropy (8bit):6.179148904370533
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlvfD43Pl9k0yonHpjv9cl1n2KWT7D3EutkXYJsg1p:6v/lhPe3Pl9kc9HrVWKp
                                                                                                  MD5:32BF30A66C6FF87ECDDDBB59D974FEE6
                                                                                                  SHA1:4FB8DAC785E763F3A629497159EFC6AE94455625
                                                                                                  SHA-256:2007018F329B461364A4E038AD5CA032152A3D25B06394D32E1BA1EDBF2DC27E
                                                                                                  SHA-512:D374181CEF3B4D66C599FD9CC12BBC12F161CD1B5EE4FE2516CF9872280ACB914116C4EC896A180C9B0C6BB879B516E183FC9CF3DDB159611417A4A17C617971
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 7 x 4, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):112
                                                                                                  Entropy (8bit):5.6716991238441095
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPly7tFfJ2Exiy9ofXhfNy4hZYDxDJnF2g1p:6v/lhP8xJj0tXhfNy4PYDxVF2up
                                                                                                  MD5:BCBBB04747E7558F52BC6D92574201EC
                                                                                                  SHA1:29FECA33E341D21367DDF0055E016377F2A758DB
                                                                                                  SHA-256:D06DA849C008079507F4951696C0C049D080CBCC05D757055D8C98EC23C810B8
                                                                                                  SHA-512:7ABEDEBB35119549443FB98CDC9D9C1FFABAE951C3554A992CB84585A9D51A0211E198FAC33D41E0859494057E3FD35BE1AD904995921F34A191B02E8474A5C4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 14 x 8, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):155
                                                                                                  Entropy (8bit):6.234159177694252
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlZLtsSp/dseJ00onnXAeqgLiIJ3KgahBctIgjauoHSXB1p:6v/lhPGSp/u50onnXAeqEiNfhOQyTp
                                                                                                  MD5:BB0A46E6C1771A779201A47145C61ED6
                                                                                                  SHA1:2CC14C4871251DA64879C921A6F2CFFD8E5D397A
                                                                                                  SHA-256:E3A73C4AF918665D2FF75FE367E207FD71AD96FF9502D5120586A92D4076ED34
                                                                                                  SHA-512:5AD68791A5FD50C9A38988AF39D1AD9124937A4ECF925EF9D65536B7108491BCE7EAAF3D84B2C70A3D19EF0E5F107AD2E15EDEE40129B52A60BF0F91C9489F52
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 68 x 30, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):554
                                                                                                  Entropy (8bit):7.052906621637133
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7qFyVzV4Pd4BWgpKNoqW96qWd6RDk9wavyjl7LhYjiBflJg/:ZyVOCIgpKoLchdQk9wr73BNY
                                                                                                  MD5:7D2A593CE15F1C18ABE05C4BE7B623FA
                                                                                                  SHA1:FB6D3E41F21C23B430C91B08477BCFE78BCB0409
                                                                                                  SHA-256:BE15DA1B5DF9D4DB06BBC55673731E3FDE23E82A3983AE7A560B9DA1203A65AD
                                                                                                  SHA-512:F317EFB953B2B50A5F321306D6870679CEC8FDEAF660729C616ACA070474B9A47B4DC1125FAE56CDFF5ECD7C9EE73FDC982CBED0FA5AED1B633B5A3BD2056CDE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 68 x 30, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):203
                                                                                                  Entropy (8bit):5.889660105398947
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPmv5bdss/YbwxklpLO/KYmufyYFa8up:6v/7Aq9MizLFai
                                                                                                  MD5:30086C443E196DC76E4B63449E6EAE76
                                                                                                  SHA1:225856C88F9C9F27FB7EBE7FDD71ADCD11DAA228
                                                                                                  SHA-256:292DA1564CEA53FC63203D0184FC0F2849C169AC3EC948A0344C31B674ADA3EC
                                                                                                  SHA-512:B3DAC0E218C50D5CB8984EF670390C602D8F427E45599D2CFA12D89E98620A0EA60BC0BD7D02AE27E19A6596A2CBD013CAA962C80B2457DCB0F9DF289AAA59BF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 10 x 11, 8-bit gray+alpha, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):176
                                                                                                  Entropy (8bit):6.151672179013188
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPlH0tvl/24hGnlMWnZ/Cy49V+tVq/26yVjk5xoNpfKZSKVglzfDl1UQ:6v/lhPOtvI4hbgZ/CHV4EAVjCo/fRKK9
                                                                                                  MD5:B4FABDCB9968F11AD8F464A0DC1E195D
                                                                                                  SHA1:F6B40549F93AA73DDA93965D494704F51E2B2AE0
                                                                                                  SHA-256:F47290E13D80210EDBAD66771068146D2C2B81FC444448CAD4DDC5D5FAF733D0
                                                                                                  SHA-512:A9BB46B285499E40AA6B0D87C82A9CCFE925B30D28DA7F0B2099CA8DF4365211664AE4BB124B3E857F31222DB320F08CBB1F363EEF209AFB7F4FF80CC5E93E4C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 20 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):417
                                                                                                  Entropy (8bit):7.342741240452635
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7+askHuEhsylgrZWI11YO1JnSC0wgDiIOHt:zkHC71REZCymIw
                                                                                                  MD5:94E4C2FD0E6F3A5C2F5EFDE68238F52C
                                                                                                  SHA1:5A5756076EB42B6B19C047882537CAAF0ED999FD
                                                                                                  SHA-256:F645F3D5464155BE90FB470BFBBCCCB0D4A821B1BBD7A19CFDE462353387FC78
                                                                                                  SHA-512:71835DF6CF370E14C7EAF03C69565CDE8F3FDC31CD6A53E9E8596B89AED203925A73B18FCBCBD5ACC0E1D949F4779F4F6A9A02F71A8F75F451A0DEBFFE96EDAA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 68 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):416
                                                                                                  Entropy (8bit):7.3708761233550355
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7jpJOtqA0d8rRVFTfOY9GX10ykOv9jq3:uHexrTdfH9GXRksq3
                                                                                                  MD5:36929CFB5F181721B79C0027AA0C7A66
                                                                                                  SHA1:0CBF1BAB50D4CD36987BD5FE5C621FB48AA5B8CF
                                                                                                  SHA-256:B206EE4D86B6A279ABAADEF8D674495066BCA353479BF4EA7ABFDCC645FFC3EA
                                                                                                  SHA-512:9DF12E1BFC96A3C879551B624C1E07A3D04A29B42E206C06D8193BD1363F36459C2A4B2CB8D19D322FCDFE2CC61B42787B35F74AEAA10DE7654AC5784E3F5B30
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 65 x 30, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):271
                                                                                                  Entropy (8bit):6.184821585791818
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPqIltGmQ6dJq3El3YciKebcww3dsdtOG04tN3VwjKJ1yvRp:6v/75Mp6SElom2StstVVweJ1Q
                                                                                                  MD5:71B79B7CC09908BA6F8FF40C0EA10510
                                                                                                  SHA1:22388DD933F089701310845226EBB790B7EB8513
                                                                                                  SHA-256:DB272A7593D3CD66AA2BEF945C96ACF62BC0BDFE458E11CE20C72BCEF5CCEACD
                                                                                                  SHA-512:AE1570ED60A621BB14B15DAAF20D65838EF81B245F1014070135B39CA5472442CC53BDEF6024834356C30608FDC087D543FF93392BB5C0E464F26D14E3D5BB7F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 98 x 38, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):225
                                                                                                  Entropy (8bit):6.052488438839991
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPMa2sRVg7hr/2ztQ0gVcP04F8jesU/Yp:6v/708odRHBVjzv
                                                                                                  MD5:A78C4CA79750EA1BCE8914B870E7E5AA
                                                                                                  SHA1:F7A96194B043C552FE9259934B9A78A8AA625601
                                                                                                  SHA-256:4470E834BF1A8C2EB025D651ED5BBC71681AA898388AE17F8B276E8AD641A0B8
                                                                                                  SHA-512:2B839324A3247E0E4AA20A283541C4037269A197874CDD99FB53E68641A67C8A9B96A9D1036FB3D087BCA62CFA77BD77684F8CAE6C389717B48DBC3597B9E0E8
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 21 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):383
                                                                                                  Entropy (8bit):7.316897675335883
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPu9jK09x49vwpNyNSa7Rb0BA35eP6VNoqxQyNZ3JBaWCFoa8akWWvRJyenr:6v/74/EaNQ7t0O35ee60vOLSa8bNRMer
                                                                                                  MD5:9B795F12D86235B8053696F858CFF40D
                                                                                                  SHA1:E7E36F304EB356D5358A422A1C4AE5CACB4BEF19
                                                                                                  SHA-256:FEF52D00A955B35D50FAAFC08C9F0C6C55D4BC35B01000200E13DB44B59EC9BD
                                                                                                  SHA-512:4A0841C0A1BFD03DAE83B5B991C069CD0BC34FF06A4C990A189A3023AEC494DEB6AF376A94FAAB9E2BBAE2B4147AB67447768CBF39D2CC67272623011C602456
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 58 x 59, 8-bit gray+alpha, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1703
                                                                                                  Entropy (8bit):7.847758130427772
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:rmAlUclYkw8yHr6gUjDQoFT5HfEQ583AS5Nou:rpWclZyHryVXsNQgF
                                                                                                  MD5:02945439ADC155CF30AE30BB93EC490E
                                                                                                  SHA1:3CA68D3D1410EDDC124876F36433CC888172A93B
                                                                                                  SHA-256:455D05DDF72D76B5A3C8B4633FB19493511DA4E04719D308DE7A7F152B516B6D
                                                                                                  SHA-512:FCD330CB079AE3E24D2664384AF53A4E1D76AFC1E611B18B488EA037827A1B0144195B038B8A4ECEA80ABC6922AE3CF5A0B1321DB3EDBD85DA7647FB219601F4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 21 x 33, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):206
                                                                                                  Entropy (8bit):6.337291568109683
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPHbkIstUxG+21n4eD+m4NMEFtoMSjp:6v/7PT6WG+neD+PjM
                                                                                                  MD5:A6F7DCBF0C95F2EA039AB48656F697C5
                                                                                                  SHA1:21AA8F782F61D6FCC2DF6A473952D3CC429A1D97
                                                                                                  SHA-256:83D96C6CF82EAEE7684DC663B3072B10CEE5C1B3C9F9F1C49FA7BA32CFFABC40
                                                                                                  SHA-512:5293FF25CE5E37413F19CA752A993E6B1EA22D553EB6BD9796751E94D82DCBCA1644D608B0C50F7BDA426FF78F110FAFD9BCCAA73A0E8B4FFD6261788777BD59
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 17 x 201, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2036
                                                                                                  Entropy (8bit):7.7960008441887965
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:L8S/XFZMsP9ZpnE9JiXKfZq75Yk0ylh5a8Z0p8f+NLcb:5Xw/92Qtora8ZtWmb
                                                                                                  MD5:2DE13EEA606A194431BDCA46C69B9D66
                                                                                                  SHA1:AC820D4142AF9CB8DB6091760F00E818A37F471B
                                                                                                  SHA-256:DE0BD47828AB9C6929A5452D96B5C6AC13B99C0E3FCC159C885EC15A4CD3E2C7
                                                                                                  SHA-512:5C3245BA2257244CAF686C0C5B9DC4211208EB33D1BB32F8EA64F7DCFB613FB57F1064C928A2567CE83524D1995F20069EA5B8E4B2F2FE4DA9267F746D0D3D08
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 60 x 38, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1453
                                                                                                  Entropy (8bit):7.436248461607645
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:pGy3OXplLIOIs/+mexpuYt2M67hZzPZgOM7c1glYa83T1QRLgqIgqJpa:pG7pVIE2mebZgzY7c1SYbRQR8Vgq3a
                                                                                                  MD5:D6A834191405EE2D93AF835999A0F3B0
                                                                                                  SHA1:7707D93FFD845E9A4EFA36DCF054093F6DD3B6F2
                                                                                                  SHA-256:10DD5915F0352AE3A58B1250E449660537AB36FF0B70DE6F54D3E22AF4EDF0D3
                                                                                                  SHA-512:A45F058E954E7CF1F9DC3967CD0D150706DC5B9D3339F0B4791610E5CDB59035B3F8FDC2F812A7202AE40A5AEE0C5EAEF0D893F6A28B6488845B33B8B885982C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 21 x 33, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):228
                                                                                                  Entropy (8bit):6.39399325133142
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPHQWw/kIWhbPHHmIqHaPUdUA3x3y9wuTp:6v/7P2sIWbPHI9dUxR
                                                                                                  MD5:01D831D0914774969825F38B3B9C7211
                                                                                                  SHA1:380F64DCC9EB7B2279F341A5FCC0BD95C941FD39
                                                                                                  SHA-256:CB264368C0D4801D4DB4C56653F57671D042C591AE24824C62E24D5545890DE7
                                                                                                  SHA-512:15A13F029B81CC824D46628E80B87A6807A534B658BAE608D67642AC7F5A961E6019CCD795F00FFD6301BF4BBC2678AFA6F2E4592E762D92954839525D78AFAD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 66 x 17, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):825
                                                                                                  Entropy (8bit):7.181170546983538
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7bjVM6O85n9u1pA5bNNRQ6gQTX2Eu2i2V7WaD+E9yqw77POBSNVYk4w+7Q2bp:CilanypGNRQ6puE7Wa1yqk7PMM2bBtS8
                                                                                                  MD5:98B77977A191E201FE872FD67EEB76CC
                                                                                                  SHA1:54DAC271DEF15A91A448C0BB1D81D1EE3B7C831E
                                                                                                  SHA-256:EE8C1C4B11E8A4A50B08D7597583A0D3CD74E7CB9B77DE47FE8CFEE71B3E4B5E
                                                                                                  SHA-512:EC25398A9B34192A6BE506209F071D0F06EE567FA898F099D9DC9ED97A547D32DA71CC7D55452E7B1331204870E76831D6995BE04A5103D8175784E3E2EDF41B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 17 x 17, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):153
                                                                                                  Entropy (8bit):5.417362301449934
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl8DBry666666JRl/hkegCt5hGZgg1mmmAplms2mEKON1jltB1p:6v/lhP61ry6R67DKqt5hElHmAplP2mEF
                                                                                                  MD5:A134D237A48910A55C7AE34FFD5ABA46
                                                                                                  SHA1:DB72AA287A8FDB2E0CC0FB778AA7E9F2CC5B0E1C
                                                                                                  SHA-256:BFE3263258A144CD9D2B85B6CE4CA15614E6CED6BBB263759DEACEF83C61CE92
                                                                                                  SHA-512:B4BF5D8BE626D0B3980441607F2AA00A370CD70AA06B5187CEACF4C45A8F6A168C09FCC86DBCB47802EAE891D666E14030E18C9A1AD98F50DCF15E608E8AB579
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 17 x 66, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):839
                                                                                                  Entropy (8bit):7.084145875349208
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:4PJlanypGNRQ6pQlBL5z13aTkITPvn4ymZnIohGUa:4Pgyow6pQl5V4FP4yshra
                                                                                                  MD5:37CDF30009E9CB143DEDF765F1C55BDC
                                                                                                  SHA1:6FB1DB37A28E11B8DB7311BE340E64B89FAA6D4B
                                                                                                  SHA-256:329501784A775761531C0E82B2E74CC9CBA464C0A38E93DB3323054C5F117D56
                                                                                                  SHA-512:1A52BE2341932150206B7A380B444EA23E3452CC4570740E11119DF67B2A554073971C079DB2794AEFF516CF0E608266092252F685E2D674FA51293DE90DF8E3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 66 x 29, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):565
                                                                                                  Entropy (8bit):7.197419983507909
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7ljaGgjivMGmrAQIZmxE6LeyqcKRKAq4efxVi7NU5LCtfGQmMcSQa1I:mjdsivbmc1cLtjFMNJfTmF6I
                                                                                                  MD5:2F055CC607C1CFD46EE5AABBB1672353
                                                                                                  SHA1:D1EB517C6276C6C3635B075728C1F52E4027F796
                                                                                                  SHA-256:D2BCB94DDBCB5803B9270F782ED52C7B6E0D1FA9AAF7DBFE6E41971C0CEBF46D
                                                                                                  SHA-512:734A7B816B541C295BD51FFD1AF7A601E62594C07B82B9FDC4706CFCFE84D59ECC22E5F35205ECB5883FA8C5B71A4BEA6A6585DC8ABE073865461168617455AC
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 68 x 30, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):524
                                                                                                  Entropy (8bit):7.0709053737113985
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7qFyY4Pd4BWgplmtiCGbtSyZ1ddm5p6Dhovl+4cg/i:Zy/CIgp+oniDvl+Q/i
                                                                                                  MD5:5E45C866A18ACB5A644D250701644FC8
                                                                                                  SHA1:2A7CC87A8182CBEBE930F0050E092E77978549D0
                                                                                                  SHA-256:C78405B156497C8E84ABFCB97340FFE1CEF4599DD27C3EC4BC8FD282F90B556F
                                                                                                  SHA-512:33D04F540D12A90F968BCE8C647FAB409AE88C638380E11F031907D05A10DDF77414F2AA4C579B2BB6E99B6C47647819DB10D74D83B596058FB3A25C4F405CBA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 128 x 128, 8-bit gray+alpha, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4723
                                                                                                  Entropy (8bit):7.85765721156218
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:lYwiXFuqU3B7ZKDogixWMKvubbolOJi1JTrLEFDWI4gGI:l1iI7Zao+MKGb2OJi1JT36J4PI
                                                                                                  MD5:C27FE30DB418E02A6373E9B5E5B5647C
                                                                                                  SHA1:713AC1F8D6A98301BDF8AB4B0EBFC7AB491F8D3C
                                                                                                  SHA-256:C1FA1F01861AB7BB548BEDD730A4B120C797987DF10CF7BD2809544387C7AE1F
                                                                                                  SHA-512:D7A434C360FCF97E2C17482ECE0A43EF987D32AC5E71A1118F9FDA98CC484998D2024F5BF37311DD012ECDE9B5ADD71D556216AF355CAC39D42D5C2897A5C0ED
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1621
                                                                                                  Entropy (8bit):7.8462829500141025
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:DM70+IKZfOaCF+eC9c2W+0lXBPcFnWFIJ:DM70BKZGa5lczMJ
                                                                                                  MD5:BB0FB3EFECC4C2BC51011009116ACDD9
                                                                                                  SHA1:B6BCFD12A2A045D08FD3D37EF99583132A883952
                                                                                                  SHA-256:0F620F218012ED6FF30809046CED5CA372327454B59C0B4D9501639BBFFD3CE0
                                                                                                  SHA-512:CD454AAC39BA774A47A7A0098BF5540B1AF9B7B9BCDA9F9258945AC1550E51E83936DAD3B6C8196E430B52338859731CC0262357376027D38F890C928127DA80
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):998
                                                                                                  Entropy (8bit):7.72561165556165
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:12H8Q7cyzKX+GUlIlxepggs9AEIPmIHZ/OUm9U3Z8D8XvSf:12Hr7c+GoQxepKAPPmYZLmS3Znaf
                                                                                                  MD5:DD123E59D08DD2E80AF3F527B4FA19C0
                                                                                                  SHA1:78214E0D0B57E60538F8A4968613A4A863D69558
                                                                                                  SHA-256:8C31E6F37EEE27E6BEC02DBFB6452B9F0831D6586E47DCE4392E9FBAA07ECED5
                                                                                                  SHA-512:23D04B0BC9ECB49F3B5D6A4A03935DF52E7DA28007A65E9F9F0EC92A83F94F818B00C1CB78FA03F31746C523F76689387EADC93285EE74CF9EC99052AEC7C9A5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 66 x 24, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):390
                                                                                                  Entropy (8bit):6.983802265794423
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7OX/VvA7tCOoPUgvli1vmDwSqd7cMQ:JXNvAUVQ1vQqd4MQ
                                                                                                  MD5:993BFF22C0CE8B494EE40D5C0FCF7656
                                                                                                  SHA1:FC273DD2567073EBEF5CEE52CC300148128627D7
                                                                                                  SHA-256:57B1AE0988C615082705698CE38D82B0AEC46BC11141ACC62F16554AF1F27820
                                                                                                  SHA-512:55E68688EA4A3F9E8AD803A75981CCF8FAB75E40C52369D6EDE66E213E4F5A9401C18D0971AB2F07C46DC3195D1DCC3DA3D27CD146EEDB2E48F3EF62D31A995E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 66 x 26, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):437
                                                                                                  Entropy (8bit):7.193635323117587
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7/dfTXAVW3o54JRkLUUFwKyAqGaoqEFc/hc:krP3zkLNqAqpfC
                                                                                                  MD5:8511861D8ED8A8F140DDABDB9B3920CB
                                                                                                  SHA1:EC61FA8B96DE733CD56D720872D8CB9E89D713F4
                                                                                                  SHA-256:B118F88D8D57201E2BBD1F1DA01FE348D3011EFC83B3F909B21C7AB2DABB87EF
                                                                                                  SHA-512:2B3DF5E2E8FF187631DFDC5BE3196FF9509F65B304D025F41F5201830197744C6E724B974B38DBCE28A5284B37488D45B0916C60B94BBFCD3FF466FC7D63A84B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2037
                                                                                                  Entropy (8bit):4.83051031007633
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9kXbY:MLoO6E+iCshVKzlOWGf0hEVufy9d
                                                                                                  MD5:54013A441AF69B499098EEA96FECE200
                                                                                                  SHA1:47877BFA803C0838AB0A47342911C65EC071399B
                                                                                                  SHA-256:05E93F38D7C9FC61DE783DB9DA2ECB29327EEFD0C1D8C9B39AD9B90224C7170A
                                                                                                  SHA-512:1B8B33D378B91319A31FE773BCAB7E0069E9F60CDA1D2CB35EE0FD92B39CCA2260C7246FA6AC37AD24C66765E0FD380E8B6100E31CAA99B5C9B0DB2C72B07B79
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2033
                                                                                                  Entropy (8bit):4.829978509699591
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9kXe:MLoO6E+iCshVKzlOWGf0hEVufy9z
                                                                                                  MD5:2DCD6E429D59C09BB08C9EBB65AF183A
                                                                                                  SHA1:5A9E200CED0F4D6202BA8E1BE082EF4F8EF6412C
                                                                                                  SHA-256:269B14A439279C1B28E2D66093E42C8CEC9F9EC4A6996633B263CACA6460FAC9
                                                                                                  SHA-512:084C5C7C1F22C6D2378436592EB3B51593471BF96FCFC13D8CE1C95978E6B073BB3BB88C5B084ABC3F2358DFBD8D6F808FDFFA74552A39E03942BD621F4B4B28
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2728
                                                                                                  Entropy (8bit):4.844188917143975
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCsPByFTJWjr:KogUldGcQWOPByFtWjr
                                                                                                  MD5:A62D007DC5671CB3B7E899E6C80F212B
                                                                                                  SHA1:D3F14DE84264D533D2262F3A9AAF52010D9677E0
                                                                                                  SHA-256:56BD787A33ADC129D41092CAA2E38BAC074F0ABEB9430CA2EE134566D12A55B0
                                                                                                  SHA-512:7FE3FAFEBB599129FD7B058D58C388A8825D93981EBC600B47814389D9C10CBF5B7D13BD65D06E34E9C4B78E2F84A65817C557755D32A2AD75B04D29229F8A1B
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2027
                                                                                                  Entropy (8bit):4.825830727934058
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9kXC:MLoO6E+iCshVKzlOWGf0hEVufy9z
                                                                                                  MD5:D557C09A026B8492A3517007BF4B222D
                                                                                                  SHA1:3031C85AA4B93F676578EFFD1F11ACDFBBB696E9
                                                                                                  SHA-256:15F50D0791445818E933E80650BAA16A94D3B9403B216D87FEC1B5E340D1F267
                                                                                                  SHA-512:DE7854EB35483025D55B08B3A6F3CED06AA90258D0816A8A2DED72B4E981417DD4D22A9B7C5071550D37E8514BA3E06F3F3F46BB453496C16FFFEC505EC414F3
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4043
                                                                                                  Entropy (8bit):4.635695740291305
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCsauKRsCxUu2oM6XRatjM3CSnhHTXgv:KogUldGcQWOauKRsO2oMC+MSS1LS
                                                                                                  MD5:52AE42A1BF76186E365F0A7F96E639C8
                                                                                                  SHA1:A09A8EF26CCD91155014D86AF57F85FFF3970867
                                                                                                  SHA-256:E4CE3E2C356FDC11F7D5AE4029602CDBE5F40E103CD482281A8D9F8EE6EB9936
                                                                                                  SHA-512:25EF63D9A6A175785EAE639CB135BAB3FC920016EA5F8D53194915F86EBC96FF4943C02A484DC85573CA298160EA1F440F5DA56E92AD62C9A2D087169DDF8553
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5292
                                                                                                  Entropy (8bit):4.717869540578657
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWV+JbB+LjqZyYBAQnxg1AJzenItNx06gVgyx:KtcGZJAqACgDgyx
                                                                                                  MD5:9CEA0D2F653C5E0536C32175995E7EB2
                                                                                                  SHA1:BADC1B9758A4FE56402CEAA0B421E2AE734E5384
                                                                                                  SHA-256:B8EC881A35CF7E90154D2413CDCD53C2B131556C22E96F542FD934FA3AE34C83
                                                                                                  SHA-512:9D64E98D56A30E2D1937B4266008A65A510F773C2750B26695B61B4549F8780F53B29FE8DB23BD0D5B513D3CCFAEA61B578E7D2F5C894E47F4D6E3FCBD2F9ECC
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2261
                                                                                                  Entropy (8bit):4.866831940677612
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+ZXn:KogUldGcQW4Xn
                                                                                                  MD5:47CA08817D0EEC6DB4B3EAF514421448
                                                                                                  SHA1:0393CD93A96B8B9A6E9ED6E56CEC9CEED8DDE44C
                                                                                                  SHA-256:8307CEEF8D86F2E307B67A1C4A0B33AF7B83CC4965F698B15960841D20B19F29
                                                                                                  SHA-512:99B632BBD80E9E0A15FB4D43DBEF3BEBFB8F13328F496B5BAF640978B1430CD351FDA50B4DED003FC54664F1E71F4D01A9EFE04577416D701B827D146E492A3A
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3230
                                                                                                  Entropy (8bit):4.914641706249265
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCX+/CAYnvoYBxnQ:KogUldGcQW9+/CAYgYBq
                                                                                                  MD5:FC05F8A54097E64E9044950470A58E40
                                                                                                  SHA1:ED2DD6FE5FCCAA5B88BD4515E93D2435C43899E4
                                                                                                  SHA-256:6858DB01FA20AD83559BB5DBB9BB6A7711C8C6959EC53FEBD4D0A9C5370CF59B
                                                                                                  SHA-512:11E577F43E332B195BFAD9CE5A0AA8F4127C0C6F1878ED5B99168B8DCDE5C41C89BA9AB752D8C92AAC70C19DA06FB598066FFBE7D6B6449D36D1D704FDCEF07A
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3238
                                                                                                  Entropy (8bit):4.90187484968626
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCev5COkFNpACuUBEKjo3Zq:KogUldGcQWcv5x+aCuUUI
                                                                                                  MD5:E78025940E8545B158A72910F129AAF0
                                                                                                  SHA1:8CD85D7C384EDF0FF6B05B532A4FE04312162A33
                                                                                                  SHA-256:177F211EE15687E231B2A790172D5CADD638016831AF3E4A55C4F9EEDB37E2AC
                                                                                                  SHA-512:4A494D95DE21929FDF04721096989C966717D89E5FD2C734CB6F9B5397579C32525A918417E305FAD9043AF5BA8E5D343809AADCB53A31CE8C4391A92BFA33AD
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4683
                                                                                                  Entropy (8bit):4.828387956520702
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWzvqVw/vSN93wT4ojVJGkOsjRj1:KtcGKWwyzwTzJLBj1
                                                                                                  MD5:9C457D5FAECD7B9A50671D78B48FD52E
                                                                                                  SHA1:B5C07C5CFB40D4B40F85C9EE7F8417819A5A15EC
                                                                                                  SHA-256:AF75BB0905D646A1A15361D642AB86A1D389695D6BCFEE8291CDA857F84E0CB6
                                                                                                  SHA-512:9434551DC72FB405BADF8BF89C024F7531A2E5AB0EEF1FD3F89999230B65D92E0BBA98D0D51C41CA205763AC9081BE4839E5D2B5E435F0135F5726C14B59C11F
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2916
                                                                                                  Entropy (8bit):4.839363550613035
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCsnxq2Bh9n1iWUH95XkuMZr:KogUldGcQWOnl31iWQ95XkX
                                                                                                  MD5:5168523E82D5137AD3656165D1D0A2AD
                                                                                                  SHA1:0C27710BC44AE4C0D5A781BA0D807398D70AFD42
                                                                                                  SHA-256:374ECA958EF36B2324ABBEC45E179E11570F6DE5A91F8AD3F2559393B240ED28
                                                                                                  SHA-512:AB2DF3E21E1BF415FC77978F42E64D6BA0273E04CB439367F9093A5BB7E9C7F78A3C2381258FE82AFD67CF45F41E82B8BE116D583D2E628C0C228DE1E6A78E79
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4128
                                                                                                  Entropy (8bit):4.6240539224144275
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCs+MMLR0K6SCv2oM6XRa2jM3CSnhHTXgv:KogUldGcQWO+MMLRvA2oMCRMSS1LS
                                                                                                  MD5:9DFAC0C040CA518A9E1930D70E90F6F5
                                                                                                  SHA1:A6D338CE117273B5753A982C66C7A76176C01293
                                                                                                  SHA-256:D673E0F7FAD84074A376601CA564445E9A8B428CF50C37EA59D05A7AB5924F6A
                                                                                                  SHA-512:9855008ABB7A5FC71AE9FD8D5BA78B7FF3E44F0C5110B1C0CCE214ED6A58846B31ECD03500F9B8D4F2ACB1F8076D9A1C3B18AE46623365BABCF8E419831815A3
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2070
                                                                                                  Entropy (8bit):4.832400322959624
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfyyU2yEd:MLoO6E+iCshVKzlOWGf0hEVufyyUTEd
                                                                                                  MD5:ED9217025E9EC7239C63D2EF60B78282
                                                                                                  SHA1:C5A7F37EAD74D963D7E2F706D693E31EAFC3BAD0
                                                                                                  SHA-256:5C11ED9112F3D286DD0351CC5166AEB3CF7B4BC8847C0A35422DFBC14FB4F3A4
                                                                                                  SHA-512:7157E905D21B7D5C330EC5275B91ED2B2F3E6A696874CA3EE05586B500820C83350942F990895382C32F8942258E708A297DD76B3A9D62DB9C0EF1DA482A4138
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3920
                                                                                                  Entropy (8bit):4.8675531615918075
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWOLBgWFnl0bNNvGbGDp/s6dkGF:KtcG7qwl0bNN2Cp/uGF
                                                                                                  MD5:CCF3DC3DFB076E1397626FC400502E0F
                                                                                                  SHA1:379E4B968512352773130A95E75D465F3BEE4857
                                                                                                  SHA-256:A6F0CBA47674AF372708D6002506A0514FC8F1C6DF922416B44549BDB5D08806
                                                                                                  SHA-512:2DBEFCF7793C5EDD0B167AE6A82652692063126CAF465B33330292357F7D0F2E0D728C60CD375F279F8A41AC94E9CB4CEA431652F42BC9713AA01E102687FF01
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2912
                                                                                                  Entropy (8bit):4.857002307301528
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCs+DYs7M00/+BDBqivLm:KogUldGcQWO+DYd/xT
                                                                                                  MD5:C5BE6A9676AE022A4B5C5B67F9CB3483
                                                                                                  SHA1:1105EF627A6B6F46B9860C72E25069ED259AD1A3
                                                                                                  SHA-256:67D3A94B75A01AFEE08644CDED0E393CC3180916FE6DC9BF4B7E7B14727ED582
                                                                                                  SHA-512:303BF89C5C800C0D7C5C2C9682FD82F27CECA7F16044372808A1E88B74C94258B1A638A6DE3A2671CE92B11C445F047BC3BD30EC543B346690EE4EDC1A82A9D9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5470
                                                                                                  Entropy (8bit):4.769994565901049
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWO+KWtnZkRtrFbWFJRN/3sqNnckMj:KtcGOXZ8UM
                                                                                                  MD5:3BCFD261EC53F77B79FF18EDA94F00A4
                                                                                                  SHA1:806C34F49630C855AB448D1DDD7CC7EC75155A7E
                                                                                                  SHA-256:BC6AA234585366A42DC44D90F15BAF2CDC601F4158E9A2E97A9E8CE4BDABE15D
                                                                                                  SHA-512:96F7FA538D396A03D0660B6D76070D5BB66419C80917AA3BB4135C57B98219A87D318E0EFAEF817CDA896C3ED65554072F6168D3B33E779BE3BA430A8E95404D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2491
                                                                                                  Entropy (8bit):4.878811646714112
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+V4iYSss1bM:KogUldGcQWe4n3oQ
                                                                                                  MD5:A4E30E457C53AEFC73DD84E4FB800AAF
                                                                                                  SHA1:2A18E9793678530EE130464A134DC1D1C036E030
                                                                                                  SHA-256:A605E146BD646C94F5DF54330956FCF355AA994822A3F19D2E8FC8DC7C6FDC72
                                                                                                  SHA-512:D0F7E098A0DC960A20273C5EF33DC089B5D6F4C8C9069E2863152D0FCD3EE5972D19FBCCF3BA57D5CCD6E9A341B3BA115C6600A7E7D8E820E4F375DE3599515A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2113
                                                                                                  Entropy (8bit):4.854277805833694
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkjCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N9C2okXf:MLoO6E+iCshVKzlOWGf0hEVufy9nCfO
                                                                                                  MD5:6C9008235764FF0068F72701943B94FD
                                                                                                  SHA1:F100EAEEDF7D8164215092BF3C9A5F6FDC98F825
                                                                                                  SHA-256:203F0571C301F3215736C0647181D8C40CF7DC6C96C4C22FEE327A0F2643048D
                                                                                                  SHA-512:56BD57F97CA85EDDFF01C4C8DEBE9DFC0CFFC8959C49300A52457DCD0A8B78D3AFC2F3256BF6F38FE8942C72BF68B3B7C3385AD816E7E46AF0D6FA159A619686
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5403
                                                                                                  Entropy (8bit):4.869623049015817
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWROnOVeVVpjou109ek09eeNLuJ1T1OAhEs2TTaJtAtZRt7cQq:KtcGVOVeVVdolm6Jl1O5TTm
                                                                                                  MD5:70AC23990E0708D6C19F141EE87604AF
                                                                                                  SHA1:B887A7EC5240501AB95B576E5B351EDA5D657CFC
                                                                                                  SHA-256:FA8D23345774F673EC2E255FFD773B4F79C9402B1D96FD6B59DAF8296B388322
                                                                                                  SHA-512:11DAFFFA8DF00DC43D28B18D99E32C0806083DEBE15586436C2808F4D6D7F660CC26A03982271AABA8659FB07D076170E4AD0203ED99080EB664F9E36C13483D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5378
                                                                                                  Entropy (8bit):4.808326079025741
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWOZqOMLwFR9oDsEP+nSjMLldH:KtcGvkaRssEWSjqt
                                                                                                  MD5:68603CC39333371CDD6E1775322F1670
                                                                                                  SHA1:28F91909A18263E06D61EA1FCA4CFB274965EFC4
                                                                                                  SHA-256:D79180C0B2D1FDFE1D99E182D5EE3C28262402CFFA817820379E66618C976114
                                                                                                  SHA-512:9191915011233D238BAD3BFCB0BFB7D3E9D01BEB4BD6B02F4A6C229FDA4A9A343F8704C4079BC8E12991571B15A6AE0BDA0E2B3C2E36D5EBBA69E798C8069FCA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2739
                                                                                                  Entropy (8bit):4.876333999803406
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCDtWQwwTeDzT:KogUldGcQWvYT
                                                                                                  MD5:F18A31B21F6E1E07ED2C2384EC9DB07B
                                                                                                  SHA1:F0DB90907002175B39462D21AB886A0D68117B19
                                                                                                  SHA-256:C6B003634227509E65F0BF51DA7C933DDE9EDEEDEC7939A9B4EC6A032D15CE76
                                                                                                  SHA-512:5514AB2ED30618CB5C3AD8A15AFC45E90B3EFB83C26400700CD735D98526B6EB3F934D102B1BC83FD1E4BD559AC65B3266940699B94BB726F308FCBBF5BE2776
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3377
                                                                                                  Entropy (8bit):4.85774329326833
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCshe/RXWBwwjepxStQE/NPGtuvlxR:KogUldGcQWOhOi6StlFOmlxR
                                                                                                  MD5:E32F36F66E28A5933DB78000F5A728AA
                                                                                                  SHA1:B84E9F41AA9723831BA2F1E33793B280570B2432
                                                                                                  SHA-256:469CC7017A3DEAA57E5AD77F67D92C49730158D4CDD3D4CE4A0565916B4BF046
                                                                                                  SHA-512:B099EADB5AADBD45B9F20089D77C16953F56475D03C84A8B1F1BDF44E6E2A85163252634C060EBEA5B047C85BEA1A4CD625C850CD75AB7B82E2888690C52868C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2560
                                                                                                  Entropy (8bit):4.895624359026673
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+V4FoTtoKNTfM:KogUldGcQWe4FqtooA
                                                                                                  MD5:C00750A748AAC07D2EE770633A1D1977
                                                                                                  SHA1:E33BADC9EF8C258828F19FEC2BE808F86CBE43C4
                                                                                                  SHA-256:19A1F65314D130633F132DFCC0632767870946EDEC1EC3094D77C7EBF1DEDEA2
                                                                                                  SHA-512:33FEF4B179D1BBB6E6559FE4948F1A522E6D8CB08D6B291893A2E3132047E1F0CB0CC5C5849E571B836033B65D7D5032304B9237EBCB13BF88E14949610C578D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2679
                                                                                                  Entropy (8bit):4.817998343273068
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nCsPeT6L/jx:KogUldGcQWOPeEjx
                                                                                                  MD5:BCFCBFBD6E6B859D0022AC47C639A698
                                                                                                  SHA1:2516F4A662B412923F9C2EAD0B5865E5E0D3CA35
                                                                                                  SHA-256:EAB8AA6660AFC600BB4638790DEE761289226F376DEC5048FF1322CAE9962EA8
                                                                                                  SHA-512:7EA78319472B7ED0D5BD2C93A9C1B5B922F39FFD668D666BB7CEF3CFDF8742EE0B819C2D2C830079D939F01F5078D37E5C71CA6323C0ECE4BCF0CD099A1A0BF0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2851
                                                                                                  Entropy (8bit):4.83490362938184
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nM+AvKufXjLOH:KogUldGcQWtvrOH
                                                                                                  MD5:6F7FAE0B08A85CC48443CD6C2A0AD367
                                                                                                  SHA1:E668B85D9524862BB0C849239C4E9F20F9610D41
                                                                                                  SHA-256:F25F4D88D7E91A642CF1F1484290398A6FBE56CA30E8D2641674FC2AF95BE28C
                                                                                                  SHA-512:E975DF2161991FB789AAC30CE1B5C42B55FB7C0E039377793F3A09F1A668C531431A916CC9046254EAED0D234D93939FD4E808F2E92E337C24F9FF35F559A0C8
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):72
                                                                                                  Entropy (8bit):4.323595876865264
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:SkR5JsRomvBAWQoAw:GAho5
                                                                                                  MD5:5BB63258D01ACFC40E4594162F0A82C3
                                                                                                  SHA1:565D8441B24D8780934A9DD477A10AF102DB1FF0
                                                                                                  SHA-256:55453E2272C4E35AF64C697A91EE082872A33739E88F9BF18E8128C5AB3BC4CE
                                                                                                  SHA-512:74B9A8C62FFCB21C29D48A3CDC0D7EFD2F5CFAC8CEB55C1B6CF0EFCC97730DC3DBA1642EA26E0245C41CC8FDDF10AE97BA12EA3B6388DEC734F8763BAD6A1211
                                                                                                  Malicious:false
                                                                                                  Preview:singleton RowItemSingleton 1.0 RowItemSingleton.qml..designersupported..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):126
                                                                                                  Entropy (8bit):4.704713117740268
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:3BV9NKBiA/A6UR7ElXMLovyWmopFRPlDMexR9bVvn:xVfQiAbUNkXD8oDVlMexVv
                                                                                                  MD5:423C1712AA394DBE84F5179B52B1A261
                                                                                                  SHA1:49C875E36D792C01364191C9D236A5A3D3A25186
                                                                                                  SHA-256:A84A08BB95A702C80C249681B7C0E6F42173FEA619124961243F4804ED6CDA70
                                                                                                  SHA-512:C7CE34D2B67E9B2B74848F28648B3781FE3158B9D27FF309179712B4A16E8028DFFE5818C5E21D082816557EE3E29CCA5E182D81B7B7B44C30C760977DD2A1D8
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Controls.Styles.Flat..plugin qtquickextrasflatplugin..classname QtQuickExtrasStylesPlugin..depends QtQml 2.14..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):822904
                                                                                                  Entropy (8bit):6.700959553619025
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24576:68gIwhCNoh+JJ9f9VhCNoh+5i9FrIJJpCNoh+7UJ:6Y2UJ//UioGW
                                                                                                  MD5:633645B3AB2EFF97752CE33B68DAA6E4
                                                                                                  SHA1:1E849CCFCA9CFF3FDB36E40843615E0A037993C5
                                                                                                  SHA-256:2345712E9768460D1BDFEEB4F3329B793334116B9B1D4D51EFF8787A68EC8DA4
                                                                                                  SHA-512:593EE6A16326CC7E6D07EE08711DE6F8D125AC8E1BB7FE18112D28BF1CFE6BE1CA22486858777629407BFA82165B88EC77EB25F5916AC158EA0EB6FC7294738B
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1575
                                                                                                  Entropy (8bit):4.8088919366233815
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:AM0yAwQYdlyGUG9yHg9olJ6DIqrOirQorA6aAUDTQdiCH9BtAH4oeDvXFWdlvZda:ey9y6PAJGIqqiEoU6LUDcEeHy6WXva1F
                                                                                                  MD5:413DCF3E49E01CA487FA65136C6FB0A9
                                                                                                  SHA1:51AA584ECABFC23F38B8C8E9C45ED820A7F404B7
                                                                                                  SHA-256:7BB94BCC9FA7D849C10ED84F476AD7951A61D48FE8F78ED5201956419D38D05C
                                                                                                  SHA-512:999E3ADB3F09CF70140B45DD4B8DB2C524974DEB5826D309419FC995A3912A7DF439FCEF121C28D5BA5FA36A1C0D10A3C9289B6B948C7FB8656BBF20E7992519
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Controls.Styles..ApplicationWindowStyle 1.3 Base/ApplicationWindowStyle.qml..ButtonStyle 1.0 Base/ButtonStyle.qml..BusyIndicatorStyle 1.1 Base/BusyIndicatorStyle.qml..CalendarStyle 1.1 Base/CalendarStyle.qml..CheckBoxStyle 1.0 Base/CheckBoxStyle.qml..ComboBoxStyle 1.0 Base/ComboBoxStyle.qml..MenuStyle 1.2 Base/MenuStyle.qml..MenuBarStyle 1.2 Base/MenuBarStyle.qml..ProgressBarStyle 1.0 Base/ProgressBarStyle.qml..RadioButtonStyle 1.0 Base/RadioButtonStyle.qml..ScrollViewStyle 1.0 Base/ScrollViewStyle.qml..SliderStyle 1.0 Base/SliderStyle.qml..SpinBoxStyle 1.1 Base/SpinBoxStyle.qml..SwitchStyle 1.1 Base/SwitchStyle.qml..TabViewStyle 1.0 Base/TabViewStyle.qml..TableViewStyle 1.0 Base/TableViewStyle.qml..TreeViewStyle 1.4 Base/TreeViewStyle.qml..TextAreaStyle 1.1 Base/TextAreaStyle.qml..TextFieldStyle 1.0 Base/TextFieldStyle.qml..ToolBarStyle 1.0 Base/ToolBarStyle.qml..StatusBarStyle 1.0 Base/StatusBarStyle.qml....CircularGaugeStyle 1.0 Base/CircularGaugeStyle.qml..CircularBu
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5331
                                                                                                  Entropy (8bit):4.7535262271796865
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQWtqJOuPhnGpgFFbVlCidcJhh2Lzprr:KtcGCqJogJkidcfQprr
                                                                                                  MD5:CA3D8928B9CEE6FA5F816B955E4BAD91
                                                                                                  SHA1:1F260D64D2ABFF2523276C9640411EAD735AABEF
                                                                                                  SHA-256:B13AB37C9E463A9CF8E54EC49227D0D9BFC1E2305AC633C52101B1EBC1F764EA
                                                                                                  SHA-512:EBFFE62093E5C826A466C95475051E70E460849F99B6D4B8641A464432CD16FBB3DC6E9C3FAB9A95EC04D89056BFA1313BDBBF6860B80E6AC8F74E34CC4BB0A1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3001
                                                                                                  Entropy (8bit):4.819287574242073
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9b1MU3w28oAjlCp8jSj:KogUldGcQWC5LOlCpwc
                                                                                                  MD5:AD45F17A9C359302CB783D120C735607
                                                                                                  SHA1:DEAC44C363B03E2FBAAFD698DB86C9D9CBD22F70
                                                                                                  SHA-256:498A7572ACC1A285857798648F3FEEAAC77364555573AD7225FB2A949A0539F3
                                                                                                  SHA-512:5F0B2C6CFE00567A1DC58BC4C51091223E3862FFD6B4AC513999E05046E6B063796769EF13B2916F71C7F80575D4B6DFB654FF439BF9230EAA14077CC17355C2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10775
                                                                                                  Entropy (8bit):4.555931669004076
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGo4BkD2rdt4uI+t2KD31+F74u3h1zcO04SV22TNQbNqcefu1IucX6:RGo4v4Xaz24u0faWducX6
                                                                                                  MD5:21A3BD0847A872DEBB82D5EC259822A6
                                                                                                  SHA1:71A53D4F9C9881B97E9E6131883C7928DCA44FB4
                                                                                                  SHA-256:6D075D592A118CABD04880B806813D447DD8D38B61282A6305D2B6D8CCE2A1F1
                                                                                                  SHA-512:3BA9EE580EC217A4397FDA16B77FDCB5842D4DF5D843A441EB0E71782BDA6DA4A3D468967048614C311AB41A3CD42D6211F31C0BBDE23B904482558343423F8C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11555
                                                                                                  Entropy (8bit):4.508062969601809
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGatGcaCIsEeVsAKajWjzfjHNhYjhjEHWgjJAStuKznjnHXbjtxtJt:RGG2CIDe66iHgNGFAg9/Jn
                                                                                                  MD5:A03F6048F017119A2EBDD73699108DDE
                                                                                                  SHA1:801B5E265790085FDEE815A796BDE28230D59915
                                                                                                  SHA-256:10B4650B6196482B2217C5593A1B702E1E85E67B58769D685314C7086E866CCD
                                                                                                  SHA-512:6468E846450D98779D857E8D7413E0D2B5A42CF68ACDC9E63336EBA3FF609754EA252CBA8F3A77F8971783FE2383BBB47EB22BA9A6D20399466E2AA392C8B95D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6792
                                                                                                  Entropy (8bit):4.758332165377038
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQW6Gze7Kur0wamqRNjjp6PzH7Xe8LQL1:KtcGoS7n0wfqjp6PzVLQR
                                                                                                  MD5:8E2180B47B2FE948AAE25EC0F55F88C1
                                                                                                  SHA1:82C723FD3B31AF671ED8FA5907495D47936E4F71
                                                                                                  SHA-256:03F87F2A263CD7550B805839A9D910C88C968A27485E4047EDA962F9FEA428E1
                                                                                                  SHA-512:0EC094B08A6F3F8D7CCB56EDBD182A628228B3E5C8AADD8A54E38F7ACCB71B5C48D9A036BDFF906946BF21C5E7EDAFF27A09C23B1AEAC43247B7E9448FB6F63F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):36631
                                                                                                  Entropy (8bit):4.4780442352754575
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:RGCsrfpOCASMCPcc1BjenOjPrvGU5qkV3G6QIwtr6S:RGCC7F1Bj6Er+UR3G6QIwtr6S
                                                                                                  MD5:F153CAD30D04C61CAD1FAD47EB835ABF
                                                                                                  SHA1:BF8A0EEBA5E2F30AE72FA795A66F4E6B5E1754C7
                                                                                                  SHA-256:921CDBE8172E41F1F14EBE5A8453C65CF13EC52C7D044F246F7DABE05AF20C56
                                                                                                  SHA-512:51127452EFCAEC6F0B6990CAF6C55C61FEBB4A84DAA4C988E2ABDB6D8EDF69401E942B2A690B94BC21B224AB45E390D98DD7FA2A80C6965CCE9226E57C41C0DA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):23187
                                                                                                  Entropy (8bit):4.601892640300788
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcG4ZAH+wlOXXPbyICpFy440d/nAS3JLzQ5zfKN3h1gdF0qEhPNq+tppmGjheDG:RGffwkIsV3huEhPNTtTeOp
                                                                                                  MD5:438230E5EB067351815803354B75CECD
                                                                                                  SHA1:C1D8DA8AFA9D7BF54347A614C3E10F7B119013CC
                                                                                                  SHA-256:0A5EEC9E6BDE5A318D695351EAEA1187929D08BD9616672290CEFB42B784B27C
                                                                                                  SHA-512:E271F00985D6EF691F4D5C24767DD27623C311D375FCFF20CE5F265BC4937CDF7430929C6AFC7C04D6B01694BD149622C39A2BE7A2302301FDEB5EAA4BF40580
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7444
                                                                                                  Entropy (8bit):4.556868420703673
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KogUldGcQW9Cs7WWD9z0vqArXxKA/k+PSAdl+f27qUhr6+LnQv1huMmunh+NNMXv:KtcGR+55YCKc8HQ5v3T+NNq
                                                                                                  MD5:C07E4147051E16985F5131A5430A8930
                                                                                                  SHA1:67D261B5394136DDF95649B8186AF3C7106A1118
                                                                                                  SHA-256:A6FDBF00896B66B912C84BD84394637DC418C7B25533FDEE13CDF2C0C530809E
                                                                                                  SHA-512:675B1D5B681E2EFAF45F30BE1C8335CD419C8770B26E701C9E275075968BF811CD8131FF405A474905A67E4B1EC2C5E35C831D6FA8ABD178FD2915FB3A39FDD8
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3229
                                                                                                  Entropy (8bit):4.725674482574039
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLoO6E+iCshVKzlOWGf0hEVufy9nC+BD4pj4A9z0GWw:KogUldGcQWkDUP9z0s
                                                                                                  MD5:2DAA729A7973A06896E1ED0033FEA2E7
                                                                                                  SHA1:3ECD84596262AB298F07F75E0BC7A3CAAB5F44B1
                                                                                                  SHA-256:3D0FBEE00479A1D6FEBC3F47223F8902D371A59AF84F298C3FCD0D1326E2AE99
                                                                                                  SHA-512:45F5CC021A2CAF1E1751DFD2CDA447BB63960D97CC083F423B204F481B6D60B47F543C61DD5527741CECD868EB5B2F5563CCA7D09E0B19E16823FA96376845A0
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17067
                                                                                                  Entropy (8bit):4.403605360211459
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KtcGf54RK/P5LgNQL+n5GCVEHuCtJjrjPrVG0dQcAjNs0ThLvoajevjOwjCUJ842:RGzL+5hFeJH7rU4ahTF8qwAuCv
                                                                                                  MD5:E1FD1395D1F8E2FFA28F696FE0411622
                                                                                                  SHA1:FF7C276F0231781D0FA62859800DC95CFFB80AC5
                                                                                                  SHA-256:07BEEE0ADBA375BD9E9648AC6DFBE18A8FE3CE9DEA1BC56F3EFD2E017F2F7B9B
                                                                                                  SHA-512:75403629C1DE9C9E3E40B678DBBEA5FB2F4CE88AB022E5568BD33D4E173793BE81380ADAE21EF5442177A86D5DB10EB743064567C87AFFBD5DC4DF394F2DC802
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Controls module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):157929
                                                                                                  Entropy (8bit):4.394855792362328
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:N5pg8X/dXiHasVeW+vrfAUmdR5xK5xO7MF4tXtXMzxo+3aM0XoXyQRcMGMQXv:N5pT/dXQ+TfAR43Pe
                                                                                                  MD5:B4A2ABC03607274408F92857B7BAB3FF
                                                                                                  SHA1:D271819DF46A7D17D37561132F56738DF8ED4A18
                                                                                                  SHA-256:9980DDEB8EBAB08CE397D99A543DC9CDC1E4964026EF9C73D6BA02FE43AD2DE3
                                                                                                  SHA-512:C897A979F60FE3A15BED54825DAE0EAA1CF9B831ADF3AF7B975BD0E4F27EAC8FD7E6E6F79FDC34D6FE996AD15B6FD4FF666CDE60DED0E878867BBF8794E4CC5E
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable QtQuick.Controls 1.5'....Module {.. dependencies: [.. "QtGraphicalEffects 1.12",.. "QtQml 2.14",.. "QtQml.Models 2.2",.. "QtQuick 2.9",.. "QtQuick.Controls.Styles 1.4",.. "QtQuick.Extras 1.4",.. "QtQuick.Layouts 1.1",.. "QtQuick.Window 2.2".. ].. Component {.. name: "QAbstractItemModel".. prototype: "QObject".. exports: ["QtQuick.Controls.Private/AbstractItemModel 1.0"].. isCreatable: false.. exportMetaObjectRevisions: [0].. Enum {.. name: "LayoutChangeHint".. values: {.. "NoLayoutChangeHint": 0,.. "VerticalSortHint": 1,.. "HorizontalSortHint": 2.. }.. }.. Enum {..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):212
                                                                                                  Entropy (8bit):4.668721562194963
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:3BV9NKF7eURCNPdMcvyWmopCxKdz+RLV06qWoZAhoAcRSfL8SFzSnRSqRHyQR9bF:xVfy7eU9e8oIQ+keSAhowPJ3qRHy+Vv
                                                                                                  MD5:A6CE84D84B95B99795330156F2B48C4F
                                                                                                  SHA1:8530263B6C0E61B715673C77BB2F8E55C51B2AA0
                                                                                                  SHA-256:DFBD5CB07BDDD1A2342B82A442CD4A4504D87D04DF79F3083BBA3A031888BE3E
                                                                                                  SHA-512:0979B08FCB1EC0D7589C3A80F0B24EA77817476D6AFABB9E5F63B8A07BF2F3F3D902695514CB3696F11DB210E1CEB6172CA0B878D6BB366DDD8169B009E9A83B
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Controls..plugin qtquickcontrolsplugin..classname QtQuickControls1Plugin..typeinfo plugins.qmltypes..designersupported..depends QtQuick.Window 2.2..depends QtQuick.Layouts 1.0..depends QtQml 2.14..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):287864
                                                                                                  Entropy (8bit):6.5883932073206175
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:NVxGk4YD4+YqmudBZ1dZLSyOuPTVzVfombso0hfWgD0IY5uhrGT:txpD4DbudBn0O
                                                                                                  MD5:9D33A9D499280632DB8BEF1A0033B6D6
                                                                                                  SHA1:767E1AB1E09B2529092C9D2901EF75F4ED4C0027
                                                                                                  SHA-256:CDD39F16BD8CC1C2E52DEEFCE50AC03FD2235BCE4ADEEA521C8EFB521DB55D44
                                                                                                  SHA-512:E68C577AAF6EA606AF860D35C727874298BEEC3BD38DD5843A1B9E1709DB9A511EBE31B0E5BFCDC3F63C9E44E4788E652B16BEE7BA154610EC0A05861CCE6420
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:C source, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16805
                                                                                                  Entropy (8bit):4.024511905292934
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:iGjfVa31y7foQAOumdPjAa6rhLjm3ADpBUQwNLX:iGI2T1Nj
                                                                                                  MD5:4B200AFD3340E84B92381852B9C4D053
                                                                                                  SHA1:53B52803A2994A2FF56272CCA5AFE91896981B43
                                                                                                  SHA-256:29B816728E1B4450E7B50DDA9287D61052BCC265D178BCD1672C27FB1431FED5
                                                                                                  SHA-512:81824E7710908FCCD0CD74A08E328DAC56B5538FCA6E1011BA892B70D9AD945C8E879A2AB05DA2D0D0F494D9F9EBFA6B03F1F77D4AEA927984B2F5F6540328C6
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8343
                                                                                                  Entropy (8bit):4.489736761557964
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KacGuEXsd6q84cbBNUaf0DuH/ivxMoEu12C1q0E:iGuEXs47zjeU/ivxM7u12C1q0E
                                                                                                  MD5:6E9F9F1D9B0B3EC16B9DD0C8F21EA382
                                                                                                  SHA1:C0F1CC4C1142F60E4DB4795984DC03B5E43F1C3D
                                                                                                  SHA-256:09FDBDC3098BA77DD2261B8CD8FD83866D998EB9BFA9F685DA5C43FF78CE746D
                                                                                                  SHA-512:0350E72EDE7826AE537D2944EC1E6A6D07AD1A691109D4D5ECA01170C8E39CC8D08CCC909769795189B4A4035A30967DC001E0D5E041F6611AD80E0AD3B3EA48
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):21837
                                                                                                  Entropy (8bit):3.89069196383034
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:iGCRB55UnGfnUeSO4tIXRAXsMOv6REflHEG:iGKKOPMITb
                                                                                                  MD5:D8C075B1466A5DBC163AAF306C8B9C8F
                                                                                                  SHA1:0BE13D591DAF52EF34D22C9375DBF484FAC2415F
                                                                                                  SHA-256:7562DDFB2AC626A253FA3987FCED5DF7AD7E21CE61EAAF102F005CC586FE6BBD
                                                                                                  SHA-512:37A2428C3E7A91CB2626A633447DB586A89D3E35722711B9CE3F2A60634AECE37C0409C965B0E77D31F94B5BE563BB72F94C2D684129BA8597E28908D52A9504
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18789
                                                                                                  Entropy (8bit):3.9546487780736306
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:KacGtM5QUU83tyUWheQ3dlbb6zW9e86ewxu2Gy:iGtMQUR3tyUA3bbb6ic8G1
                                                                                                  MD5:75F348472EE20DE837256420D3F05A8E
                                                                                                  SHA1:4D492C74E8E5CFA2500121E9644872C459D19495
                                                                                                  SHA-256:47E4E8472C71959A1CC12FB0857290E655AC901C68D209024A80012555F0C7D8
                                                                                                  SHA-512:64B6E0CE233359E654E3E707B4B2E7125F3719649F17E107E66C5B56C216A63FBA10B3259D5741F05600B8F9DD9CCF9688B8A719D2D17F559551604458AE6516
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12934
                                                                                                  Entropy (8bit):4.097455940794716
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:iGReV5+MQbirxkSVx7oEk/Wb7Ri37lwbuUvr/c18/S7:iGWBeZ8/w
                                                                                                  MD5:B0E29EE869FC72FDF86F89E0B0E9B621
                                                                                                  SHA1:97A79B3E5C3343894B1107B72773E0435C2459B4
                                                                                                  SHA-256:CAAA34C2AADF32D0EBBAACF17744C5797B79D4D377321F88139B3F13A14AB61C
                                                                                                  SHA-512:849B344E4B9D17D324DC79CFD62387A08FD147F7B76898B7949928631DB61A16307D97B8671AB7975962693D5EC1413D3D524928177C58AAC2AD795C8AD09A2D
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):42616
                                                                                                  Entropy (8bit):6.360625901534424
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:ciHJ8nVgzXwJna0ED1spXb1JX3byqlJnT8wN8BLbnlmeXT5/w2lEmzP:6qF1sBb1hryEaBfnlmWT5/wMFT
                                                                                                  MD5:44B864AE14067C7A23BD34E00370FBB4
                                                                                                  SHA1:F0DFBD1806397DEAF005DF0A2DD228BB533B5B6F
                                                                                                  SHA-256:569013C6F5C555B0BBDDBE275B4EE7E307D59FC8B9D6A4B07F52326BB6392319
                                                                                                  SHA-512:3D8EA70E18F2BFE1B6EE407905A71FD299132EC3393AFB34E5C55C34D9B624E353B6FFB71A7520124C83430FF6C218BD4A6FC11F2C739F4B6C5CCF6F708627F0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12562
                                                                                                  Entropy (8bit):4.0547557110118335
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:I8VFmGH8iSSoesW6kDFLN7rgJO4jybtuYR1pbbQDU1N1l1r1nL1DaHfI85I3P8v+:5ciSSts8XTKQfX5nZ35pkx0v
                                                                                                  MD5:01A98548921015519F9BF96AFC6CA3F2
                                                                                                  SHA1:7010F0A761839F0396B184A407F064A24E034CEF
                                                                                                  SHA-256:9F2748312B462C9BD61A1638B91D2F0E36AF088DA06C55DE385D216299325892
                                                                                                  SHA-512:62C11064E927370B42D6758DBCDF42446C7116638941EE6FA7CB5CCCAAE1DC06C5266D3F135C8669E59F4D732C7C5373241D3FC7E37ADCDE0519EC05701113D5
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable QtQuick.Dialogs.Private 1.1'....Module {.. dependencies: ["QtQuick 2.0"].. Component {.. name: "QAbstractItemModel".. prototype: "QObject".. Enum {.. name: "LayoutChangeHint".. values: {.. "NoLayoutChangeHint": 0,.. "VerticalSortHint": 1,.. "HorizontalSortHint": 2.. }.. }.. Enum {.. name: "CheckIndexOption".. values: {.. "NoOption": 0,.. "IndexIsValid": 1,.. "DoNotUseParent": 2,.. "ParentIsInvalid": 4.. }.. }.. Signal {.. name: "dataChanged".. Parameter { name: "topLeft"; type: "QModelIndex" }.. Parameter { n
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):128
                                                                                                  Entropy (8bit):4.541086444900037
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:3BVa60XzeBz3hVhvyWmopYPJoXhhy+RLV06qWov:xVa60DeR3hV58oOP2X6+key
                                                                                                  MD5:D859E992832670DFFA54EBC48137C3E0
                                                                                                  SHA1:9A36E7C010533552F9BBD537337B9EFE605D0B4B
                                                                                                  SHA-256:328CE7281FF10EF0D90A753A716912656D3F97476624A584A8B50847127FA00D
                                                                                                  SHA-512:7E92DFFB3E83DA37DE50CBF6C3E808EFFEFF1E49509EE68C7D2EF9B8094C025BBEA5CB1E023B0EEA8B406BE3617BFA3346CC022E6027D93207AF9D84E52FF849
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Dialogs.Private..plugin dialogsprivateplugin..classname QtQuick2DialogsPrivatePlugin..typeinfo plugins.qmltypes..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2046
                                                                                                  Entropy (8bit):4.839194226499755
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkMCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N9j:MLZO6E+iCshVKzlOWGf0hEVufy9nj
                                                                                                  MD5:B6D6A211D4018E1871A28DA308C0A264
                                                                                                  SHA1:8EE3F896DD57F62D9CBB01B6BFB5DDB59ADA2ADF
                                                                                                  SHA-256:69A65B64D70B2328258AA1A35B52E1FC4D7A4FFBC2B458BC8CA48DD5BBB28C8F
                                                                                                  SHA-512:A52F8ED39092E8B50923A68DFBD5B8CFD790EAE607575B0B10FE3DEE7E097FDBEBD92FA8D3923F6614FD7CE71DCDFA6F9EED5179DC5F4FF69E99B6A8CC3C20FA
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2045
                                                                                                  Entropy (8bit):4.838543971830859
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkMCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N9QWC:MLZO6E+iCshVKzlOWGf0hEVufy9nQf
                                                                                                  MD5:9AE11A1E4DD9A3D282AD5BD773CFE0CD
                                                                                                  SHA1:D08399E72B6CAD3634D15C9C3371F3B61112EA60
                                                                                                  SHA-256:275DD745DE7DFBA2CFE20513C72F91DBBCF3A9E79A7C5C5826DDE116407F831C
                                                                                                  SHA-512:4F20EE351C799972FA48DC0FF33B54AC56B51DE7232A14F50D8C3F20A698EC9C7822CDE95C4EC27A574028FEEE40308FB6FA7AA421485ADB0BFCA217E2ED51D9
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2045
                                                                                                  Entropy (8bit):4.839477066158387
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkMCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N9u:MLZO6E+iCshVKzlOWGf0hEVufy9nu
                                                                                                  MD5:A87880CA314C1F7E637390F555D93CDE
                                                                                                  SHA1:691774B5B2179CC0B31D976EEC8EFF37166A2D23
                                                                                                  SHA-256:DC36D5A4E713A5CEED8E877CB16D30272953E736C99FBF933075220281E3A2EE
                                                                                                  SHA-512:DEE0DFBFBEB7D1F43E7FE5AA7C7EEED019FE96D9D885D2C89C19025878D6213B3C95953922130CF877B7B6BE5962A9867B6B659FDC4328F5B0ABBD4DCFEFB7E3
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2048
                                                                                                  Entropy (8bit):4.841495536435705
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:MLkMCT3QXf8WYwid0szM68qDRGNfFTNZbOWGf0HB+N7YiZTcfy9N9Q:MLZO6E+iCshVKzlOWGf0hEVufy9nQ
                                                                                                  MD5:36FB0F29228ABACA2E0F0BF72EC62823
                                                                                                  SHA1:FB1C98BA0DBC9D5B9B1D2CC3F947DDE5212CDA73
                                                                                                  SHA-256:DC91A4E687696C4AA83E5A1D6E05BFDE8F3FAE8338691982E42F3282AF9A1E6E
                                                                                                  SHA-512:747B56D7CE4281E25543C6D8705558FF0B3935CE9301FDD00998293B0761FB432143D4040BE97EF0BE15ED8F01045B176F9D08A72AD85B487E834F118122FE75
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):120440
                                                                                                  Entropy (8bit):6.378334025640155
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:x1opmnOmyn2ZVGDenVL9egTShe+8XVs+yU5eMAq:OeB91TSA+8ls+yEe/q
                                                                                                  MD5:734D47ED41565F3E51CD2E5A32E5BECE
                                                                                                  SHA1:585C447E9ABDFA39C26E510E1B47F72B49CB0DC4
                                                                                                  SHA-256:7EB28A6C31978DA80D930956ACDA4655F0028C8E3152DF309C330193090F3ADD
                                                                                                  SHA-512:9AA7BFDDB46D16D67EC3B43E5DC7CDCA375AC6B54F218974EEC863B43FDE6AF45374DF10872CA1DA49DCFC6F085DEAACCB5845D47154933A9D47CBC779673610
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 12 x 12, 8-bit grayscale, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):80
                                                                                                  Entropy (8bit):4.8250725838538475
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:yionv//thPl/lEyAg+KjExt0Klds4M/2g1p:6v/lhPkpg+sEr0Kw9Vp
                                                                                                  MD5:0517A78A9D76782D9C5A0A256F696C42
                                                                                                  SHA1:A5C8AA81BEBAFD4C2432922768F83B17B890ABBA
                                                                                                  SHA-256:A9FAABAEE11FDCE6A16954F4B5ACFB8CCE82B956BDA8E36536E2FA2A5565833E
                                                                                                  SHA-512:F2DAB5776571D2A0E9AEDE01664B6191805AE484FD3016034BE1E0076BA4525EBEB769DD1D23BDF48D138D38433DA138C1C9D66465BE91CF4F9DC3CD837E0F38
                                                                                                  Malicious:false
                                                                                                  Preview:.PNG........IHDR.............s..;....IDAT.[cx......b....Q...:.I...M....IEND.B`.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):809
                                                                                                  Entropy (8bit):7.639303591497463
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7lCOYk1ciPxiqauOsLcf/BKdfTXuFUm3BbtbGaOal/5pRFwvckbtyYyuRer4m:zDDFW8JKdfTYnbGRaZdFwvcUdRryyKx
                                                                                                  MD5:EFE373D58B121955066445DE9442469A
                                                                                                  SHA1:114C6A870D9A9F821C067D6B217069FB1F57B100
                                                                                                  SHA-256:C64F5652492178D3E77C358C8169200A819BE50AE557DC5A9D71C1F77AA2EC7B
                                                                                                  SHA-512:C78A74A1603DF60E1F24DCD3A19044C0402CFB3C02B35DF0E53813193E0DDD672A7AD53FCC7591E1ED57A39DA80704F70E853B2A3201F8FDFE6FAC7457417761
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1338
                                                                                                  Entropy (8bit):7.747124563344084
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:6lVM8MgSjOvbmMhbYy2bwlWsnPyP/dPgqk4ag90m2Tlk/Mo6C6sGZI5A1:6lyU+wD6wlWsatPgQvK1em1
                                                                                                  MD5:EB9DEAA140599B0AE5B6F17885BC4FEC
                                                                                                  SHA1:A48179DDCE06E34B40CCD002E8B57F6E6E43028B
                                                                                                  SHA-256:2F1115B9C1D70650B8459714A7C410A2629D1992A25E4AF9ECAAFA9CFA1254D7
                                                                                                  SHA-512:C90EEAD71CFC46EAB38DF0C380139E549EA64D6C320CFCBAC395AAC5DA905B35266742A751559176700FC54B73116085C93BF50891186E8D0C1CCAE6CACB8D4F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 32 x 32, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):253
                                                                                                  Entropy (8bit):6.644105823239495
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhP6rmoY0Xhvz23P4vC4IrRHUHThSJ8mlQBOkDwsup:6v/7yrnYch723P4vC4CRIQJ8UbN
                                                                                                  MD5:C0D25F09F63973E3E8D63929069E7BA4
                                                                                                  SHA1:AF6EEA179B40FEDF1BF38C863F2F0B11C63F4A8D
                                                                                                  SHA-256:11F9D1B451E5CB9A3C075387D56AED11AFDF5FF3ABC874B12221E695D5DF9C95
                                                                                                  SHA-512:3A6A05DEA9B818C5CE79586D5CE07DE4013020411D18A4F1AD5CEDD00AF0A57057F68ED22FDF5C592CCEBE7AE9E3FCE418097BC9BF6459672930D22F3F312B4C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):876
                                                                                                  Entropy (8bit):7.601096840987649
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7yGiKZNdq4nks6YBPK3ZreNaXduKACDu0eHZdZodawndtKOXDg0sOQpKwgLe5:nGi2qw56sSpCKwHZbMGOMIwOeahW9N
                                                                                                  MD5:27D78295C7BE72DFC4F9902DB999FE12
                                                                                                  SHA1:E83D516E4ADC19963C35BC621C212ED23AFA320C
                                                                                                  SHA-256:30B4A6C95A606AD8E9649F55DC9AA1020637ACF850D204E31904B7144BF4969A
                                                                                                  SHA-512:0DCC78AAFA8F45A428A348DB5D0C19A9427CF966AB4F7D0F7B2A009B730C6B7E93844A6BDBF70D332AD6336E38154AE8F2FC4D0ADE2740BBD2E771A26E39B33C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 32 x 32, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):254
                                                                                                  Entropy (8bit):6.547926800884188
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPLARehlh16BSVVCCVaWqsbfrXW2IK855/gt3tVp:6v/7gKhE0VVxaWjrXW225Yd7
                                                                                                  MD5:E63DA36F919735C308F3A549AB9DE849
                                                                                                  SHA1:D2E037B8FF7D52E8FEFD71334878FA68A083BA18
                                                                                                  SHA-256:84878E61F7605016611FBB49C07F1963C4823B41208162072FBCDA30963301B7
                                                                                                  SHA-512:6EF916C15958E7CDEDA1C6FEDB314585B2C1608936763E6E85877D3E25B9F0D76BB9340BD06F6AD251A363653415EB2CD41611EB1D203D13B190492BF45E6C63
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 32 x 32, 4-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):257
                                                                                                  Entropy (8bit):6.415365056752292
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPLARehlhx/ATmN3CexVXDfiJasfw6yvwM8p:6v/7gKhxR3HzfiJ3ov3u
                                                                                                  MD5:FC9C3BEA26774AC81478D5A102D2309C
                                                                                                  SHA1:475360264E44712708F262EFC5BA0173FC5B2A58
                                                                                                  SHA-256:98E8DD83FAC047B42FB3DE69F2733B87697CA8A33F54AE12E65D2D88867EF80A
                                                                                                  SHA-512:8EDEE937294990F49F1CE82A5F6A6CFE33594935991A0500B895389C4F78B45AD5E9B30B10FE045294DD2B9FFBBBBF47252E8EB8C33D92F69135ECDF2AB2549B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 33 x 35, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1551
                                                                                                  Entropy (8bit):7.792886790544157
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:ML/6UyaupoFkgoKOldzUIWx4HYAqmTq5Y0x7y/QDA9bJt+COW04/zPwNOh0dFakX:0/6UyBpoWtKOlnHHY7iKzy+CfMNOSQkX
                                                                                                  MD5:2FEDE459808D27D66E72CC141C247775
                                                                                                  SHA1:FE82356C019458249747C1FD9BA2635A8F697FCF
                                                                                                  SHA-256:8FA5D483D83FE4A9320D524A5396C6C4DF80F48E553B0FDF344B36576236ACDF
                                                                                                  SHA-512:EEDA47AB421CBC535BD30B374D6057BB8B5B2972B5A4564555E301DCD0400A34F99A988E828075BFF0D1198F22F7A47E5620B93B3053A8478E7A4D1DF08AA241
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 74 x 61, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):623
                                                                                                  Entropy (8bit):7.202049687689328
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7r5/6TFvNygZYD0yL0iRkl+V3tz1VNRJGhxNxNxNxNxNxNxNxNxNxNxadSQgu:e5/6rygZYDp0iRkl+9tz1VjJGhbbbbb2
                                                                                                  MD5:CA1794DACDF01801CE397608EF365155
                                                                                                  SHA1:C126DF19665BEB8F98FE19566611A39CD261A50C
                                                                                                  SHA-256:B4E6F75A256A8153AC362824A8B7DAA29C77008D812C78DDFA48F916A26C9F60
                                                                                                  SHA-512:9BEFA015DB39E33DF451F5FC0A2EFDE2B231398FC7AA1D9B5136A0736027B4D00DF352DEDA603F679B0296EB675937202035EF2850B50CE28D079966910CA55C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 32 x 32, 2-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):224
                                                                                                  Entropy (8bit):6.463068668189326
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhP6suFh2DkA1u9mqw3WTKwyLJ8a0a2vro1X2up:6v/7yhFh2DpuYqw3qKzLJnI81X2c
                                                                                                  MD5:BC3BDEA5EF8793CF2437F69181BB01F5
                                                                                                  SHA1:7F37DBA2901F59D2976862C824A9068D02BAAF5C
                                                                                                  SHA-256:05408A124A293DF55CA5D3EB62F373C954075FC7EEF903C96F2559A9F3DBEED0
                                                                                                  SHA-512:82177628BAEC04A2D7FA320F5AE8BADC1525ABE8AF171D8BEA8439D390A5A931B66C9AF43349D3C1748A39BF691BDDAD7F3F29768829D986A08B9B767C9F2148
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 29 x 29, 8-bit gray+alpha, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):371
                                                                                                  Entropy (8bit):7.300004361961238
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhP2/2sN2+Dp4Fs/RHWkx2Q1evgQdWrqALFb2ktDPYPK7I5mGL/CYIYA8QvEl:6v/7HsQ+FasJF2Wey7LF3DWK7I5jGYIG
                                                                                                  MD5:3C059400E675F24F62F21A735D6D86A8
                                                                                                  SHA1:A1C8A945389171C2872BA7CCA7ED25BDBB245134
                                                                                                  SHA-256:9B6B13CF306091BE1274C62D0DD54003935CDBE2AFDDFA23D71BE3360E44213A
                                                                                                  SHA-512:3903DD82D4C03886E4EB4B3931FAE04B211D309CE9E8ED4D9A3D49C9B66AEC432C16834C387F4E84402E9297835FBE50B47BB3A182901BE9A214BD3331ADB82D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17475
                                                                                                  Entropy (8bit):4.348278578219007
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:LHq8/cRcYYcYrV2SDsb3I0+/wblTWOsG0A0+uWp:LILYLtO6bq
                                                                                                  MD5:D42367D4EB91F9CA6204EEECCF4823BC
                                                                                                  SHA1:BA8C790F54A5AD1A24F150A21211253B8F7CF966
                                                                                                  SHA-256:768085CBACE8854A3D094DC13FEDA3F1521D647176AF6822436D6E1F1EEA7E98
                                                                                                  SHA-512:5CC4E6866EF2530966662558FA3686AD9BD9C14F0DB26D6297FD94D5D36D85D9E22A49D370D0B1006FAC0B7443771EAA57A1868D2960A013FFFBE34FCDE1624A
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable QtQuick.Dialogs 1.3'....Module {.. dependencies: [.. "Qt.labs.folderlistmodel 2.1",.. "Qt.labs.settings 1.0",.. "QtGraphicalEffects 1.12",.. "QtQml 2.14",.. "QtQml.Models 2.2",.. "QtQuick 2.9",.. "QtQuick.Controls 1.5",.. "QtQuick.Controls.Styles 1.4",.. "QtQuick.Extras 1.4",.. "QtQuick.Layouts 1.1",.. "QtQuick.Window 2.2".. ].. Component {.. name: "QQuickAbstractColorDialog".. prototype: "QQuickAbstractDialog".. Property { name: "showAlphaChannel"; type: "bool" }.. Property { name: "color"; type: "QColor" }.. Property { name: "currentColor"; type: "QColor" }.. Property { name: "currentHue"; type: "double"; isReadonly: true }.. Pr
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5169
                                                                                                  Entropy (8bit):4.536859187559398
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:KZgUldGcQWEXgRNCyzWFjj7F6n6Qdt/CZny:KacGPRM2jY6Q6Ny
                                                                                                  MD5:2053BEB17775590145452FF08C214A2D
                                                                                                  SHA1:C659D1D8D08DFFDC300F4E285EB3C9515FAFAD73
                                                                                                  SHA-256:09C0F59403C883BE3DD866A2ADB6BE5F5BE40ED9ABF73109C87BA6627843F3FF
                                                                                                  SHA-512:1FA918BBD8752F61160C43438E0EE420A8ACCD2B44DACDE2D67C3E73C754F84990816EC7C24AFFB387328F4F4FD03B1AA8D91EAAAEE37E88844791FC959B6F77
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:DIY-Thermocam raw data (Lepton 2.x), scale 7168-0, spot sensor temperature 0.000000, unit celsius, color scheme 10, calibration: offset 37778931862957161709568.000000, slope 38092526512210224087040.000000
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10732
                                                                                                  Entropy (8bit):3.0252583497967533
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:LwQidxNOARtcSydoCbzUIy0Yrp8jGW465UNNEbY7g2esV/TmV/9WKFOUaSxq6512:DidxHR6D3sa8pVSVUmOUaUradJwaOg
                                                                                                  MD5:5937FDE2F76FC67466AC5B2FCDFAD1F0
                                                                                                  SHA1:56622543268C721463583D74B96979057A4D49AD
                                                                                                  SHA-256:9822F5573E499339A8852CABB24071529464878D156578FA1434EC817475451A
                                                                                                  SHA-512:19AAC457145B9D3CF6570FF3129AADE2868DCEAF850DD9B9D77A104B2B94E522376054A23952F3871C40F0661EF92583E167912D16179CCCFB97F896CC5ABB29
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2923
                                                                                                  Entropy (8bit):4.814473625804855
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLZO6E+iCshVKzlOWGf0hEVufy9LwM/iGyHzOyWa4rUsNklW:KZgUldGcQWB3C4sNk0
                                                                                                  MD5:84B553B79DFEC2754C249E7B1D9C9866
                                                                                                  SHA1:8FD19667062607A9221C2715930622A3F6D17290
                                                                                                  SHA-256:27EAD3D6967813CC5C72A357536D0353D6A6C44D5199DC0F7BC918993F3AF846
                                                                                                  SHA-512:98F111F4183E3D94D9D33DA91A128D3855A8028B5C59052E2E318DB5D053D6BE9A08ADAF55B4448E5767AE7BC994D8AC7E2D5E0AA0ECA54E3FD2AF6EFA53A2EF
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5116
                                                                                                  Entropy (8bit):2.8116398092755834
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:/LwWmyIHHEGEbB7gR6YJH+sdq+mNIs3twa6/avL4B2/lw/1:jwWXrFSCnK2a
                                                                                                  MD5:1BB933B05546B77FB5AA50E21CE9D69B
                                                                                                  SHA1:C24C8181D3DDB0BC525256DACC8C9252FB0A8285
                                                                                                  SHA-256:93A064D4CD37A179BEA7FEDC959E32391990C8D2E08F98161FEEA6A695EB2CC9
                                                                                                  SHA-512:E476DF269C1E25A800F49883783D807199C8AEF170E3F5F46CC67B8FEDD57247425B1F129973A4CB731B04D8139E1CDE4950C5F5DA634315352E8F01DAC3A8BA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2578
                                                                                                  Entropy (8bit):4.882779279619284
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLZO6E+iCshVKzlOWGf0hEVufy9nCfpAloH:KZgUldGcQWV
                                                                                                  MD5:73FA314C522EBE80DC8F040691686A0A
                                                                                                  SHA1:5497551F284B4001EA41351BAEFAD32DFBBFA9D7
                                                                                                  SHA-256:C97B15440CF90EABF155D6EA8DBD58FE9821D0D4A5B7688EEA84432CDF5E92DC
                                                                                                  SHA-512:DFCD5C6DF85162CA533326C87F9CE1F132ED5A85B192C9F838A419F7F329C63966A04641ACFAD8B15568149D992C33EFA9B3A1AFC094E2BB4BA43BE57794C166
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3976
                                                                                                  Entropy (8bit):2.809891008182157
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:FXggx/SAWhnSoJ1H+DUDfkk7xDXaMDnnrXBC9/f2jAHzDajUsZ0t:tggx/SAWhSoJ1eDUDfk6VxCF2UHA1u
                                                                                                  MD5:6D5FC7DA5BDA5F351DE6A81C57DB595C
                                                                                                  SHA1:A1B8BA3366834C19250F2E493BB7DF7A3E6BEA1D
                                                                                                  SHA-256:F6FD689ED1C8A89B77246B2CBCC45818329EA2ADD91D7EB9827B91A8C5758AC0
                                                                                                  SHA-512:A3901F22F1A8024C2DAE619467DD20532B426C961506D8193415F8138B8327833BAA1944E0BF48EB5EF352D794B2A97789664CC1C8CAA8812483F5B509F2B7E5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2253
                                                                                                  Entropy (8bit):4.856978310285491
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MLZO6E+iCshVKzlOWGf0hEVufy9XklypC8Uy:KZgUldGcQWqPF
                                                                                                  MD5:D8710E02063FBE1B4067C084AF031FCB
                                                                                                  SHA1:3DB05373A09ED4A0223228950A145E1F0FF9D2EF
                                                                                                  SHA-256:9E11B7F60E9FDE3C7F923801F226C2211024A1BEDDE78CDFCA94162E53B6CD2F
                                                                                                  SHA-512:FE17C421DAC0F2A31536580F7188B3522379C29BE686C6335D6231FA09F5E8E4DE8B45B0ED6D991A23C8E3794953F2C4F51FF6EEF6DF4FC1B163310F457FA871
                                                                                                  Malicious:false
                                                                                                  Preview:/****************************************************************************..**..** Copyright (C) 2016 The Qt Company Ltd...** Contact: https://www.qt.io/licensing/..**..** This file is part of the Qt Quick Dialogs module of the Qt Toolkit...**..** $QT_BEGIN_LICENSE:LGPL$..** Commercial License Usage..** Licensees holding valid commercial Qt licenses may use this file in..** accordance with the commercial license agreement provided with the..** Software or, alternatively, in accordance with the terms contained in..** a written agreement between you and The Qt Company. For licensing terms..** and conditions see https://www.qt.io/terms-conditions. For further..** information use the contact form at https://www.qt.io/contact-us...**..** GNU Lesser General Public License Usage..** Alternatively, this file may be used under the terms of the GNU Lesser..** General Public License version 3 as published by the Free Software..** Foundation and appearing in the file LICENSE.LGPL3 included in t
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2476
                                                                                                  Entropy (8bit):2.6851163636343753
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:NRsZpj2P93zOEmtK/NMbUAJUBk7xDdQDUDyk8CuFwC4GHug0CIYRseu82:N8BUsEmyedSk7xD2DUDf81FwMuCI7382
                                                                                                  MD5:BC90F71DD5CB99DFB9A095222A6372A9
                                                                                                  SHA1:D7F6C479538C1EBC512542935E176E0EC6064E27
                                                                                                  SHA-256:7C67F4595EF8E0385E8FDBEDD2E2670CA341B0ED45A5C4C70117C701CAFF19B8
                                                                                                  SHA-512:98064952FDB84EA7128B23FB1EF8CB46D1B16330BF33225AD70B359FF856AD565AA61DAF739F58B204206577BB5E08CB6C94373F03789B8D11092000CCC0BDCC
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:TrueType Font data, 16 tables, 1st "FFTM", 18 names, Macintosh
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17372
                                                                                                  Entropy (8bit):6.495131950326858
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:GIt1+g9anyxdW0bfQOHib4pD7CpbiAK8Di7TZDIc5DXR:GItJjdW0bfQSpp2bvuygDXR
                                                                                                  MD5:0602541849C19734D8FE4B0357EF96AD
                                                                                                  SHA1:F8059C6F4D69F99BEDE1953DD8E092D09A2A58BC
                                                                                                  SHA-256:BC9A94815F9FBDAAC280F0793BF10EE347262EAF99F869BC1027E61C7DCD5BB8
                                                                                                  SHA-512:0A07486F4D34CC3A3F1AF71F4C99DD12DD230CC36690DBA5A4A3B1002D1F5F8D20007D0AF43878C680824F47950BE9E4BA2A89FDA2227A3E9EC9670126FB5295
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):103
                                                                                                  Entropy (8bit):4.4938650535504765
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:IlTFBuRKL2ETsGQnERKL2zYsoE8FnQi6g0y:2TyQzgGy4Qh5nB0y
                                                                                                  MD5:F69C5417FDACE8F0FE5777F919F0CC6B
                                                                                                  SHA1:31188CB3833AF3D00E7684598AF82605C486FC87
                                                                                                  SHA-256:F1DCCB2C3B5146E810BD0A09F666FF7487AC01F30EBA79F299405E24E03ED3B2
                                                                                                  SHA-512:25DB3A52CE7CC41BBC998387D370CC94BAF201064BF369B34B4B48DDF3B1965F1DDB635AF0CDEDAE2644502A21CE09117AA66BB28F1F1ED80F11C2E4F5D3F41C
                                                                                                  Malicious:false
                                                                                                  Preview:ColorSlider 1.0 ColorSlider.qml..IconButtonStyle 1.0 IconButtonStyle.qml..IconGlyph 1.0 IconGlyph.qml..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):295
                                                                                                  Entropy (8bit):4.672674055701312
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:xVa6zeRxMe8oOP2Jz+keSADPTOsysm8ovyda60yHydfa3Cj98Vv:xleXMCbJfebOsRm0hw8F
                                                                                                  MD5:07EE308A95E51E1307173609A33797BE
                                                                                                  SHA1:22F129C701128699D7F9D2ED61C7E63D41A83D87
                                                                                                  SHA-256:DFB9687DA7EF6417F14A2BD5972E0B801535A80017DC8E8C0C7E6553E535EA30
                                                                                                  SHA-512:79442106707AE1716495AF3797D02DAD57E9F60881D52B90DFC237E5536CFB01197B2FC30D0292D2F7A8F691C3B6679043181610127B237CE36804B44401DF35
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Dialogs..plugin dialogplugin..classname QtQuick2DialogsPlugin..typeinfo plugins.qmltypes..depends Qt.labs.folderlistmodel 1.0..depends Qt.labs.settings 1.0..depends QtQuick.Dialogs.Private 1.0..depends QtQuick.Controls 1.3..depends QtQuick.PrivateWidgets 1.1..depends QtQml 2.14..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4729
                                                                                                  Entropy (8bit):4.499794536623487
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:1uxcACwWq5iEgipiKoorzq8vOuNrtvgIOJ0eKJibiy4lw3yL:8qACwWWiEgipiKoorzq8vTNrtvgIOJ5u
                                                                                                  MD5:CDC32B98C2A680E6E33B943263EF405A
                                                                                                  SHA1:69B1022A07B2414B3E41EE25C84DC060B0D10C85
                                                                                                  SHA-256:969F62515DFAEF072E1AEBFA8DD34A8C543D92DC623CB93B3ED3A974C80E2E13
                                                                                                  SHA-512:C8F9C1F34AB8601CC9BB4803AA15C7786615D07BE2E678D1913AF3FCA695ACE1F0ED3FA1F758E75F42B81F946DA74DECBC2338226B9B6A468DB951A2CAAB9243
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2..// This file describes the plugin-supplied types contained in the library..// It is used for QML tooling purposes only..//.// This file was auto-generated by qmltyperegistrar...Module {. dependencies: ["QtQuick 2.0"]. Component {. file: "qquicklinearlayout_p.h". name: "QQuickColumnLayout". prototype: "QQuickLinearLayout". exports: [. "QtQuick.Layouts/ColumnLayout 1.0",. "QtQuick.Layouts/ColumnLayout 1.1",. "QtQuick.Layouts/ColumnLayout 1.11",. "QtQuick.Layouts/ColumnLayout 1.4",. "QtQuick.Layouts/ColumnLayout 1.7". ]. exportMetaObjectRevisions: [0, 1, 11, 4, 7]. }. Component {. file: "qquicklinearlayout_p.h". name: "QQuickGridLayout". prototype: "QQuickGridLayoutBase". exports: [. "QtQuick.Layouts/GridLayout 1.0",. "QtQuick.Layouts/GridLayout 1.1",. "QtQuick.Layouts/GridLayout 1.11",.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):130
                                                                                                  Entropy (8bit):4.486904883928531
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:3BVq+sCeUUucMjQCzvyWmopjD+RLV06qWoZAhoAw:xVqeeUUurjQG8oF+keSAho5
                                                                                                  MD5:E9CA7D1D1F439C9BE217759F619BF102
                                                                                                  SHA1:C8569CB2A6FCB910121AFE65CABCEA65D28375FF
                                                                                                  SHA-256:CB585C2FC06EDCA4B95C9EE04017CD384CAE70356E8DD468ABD7C4FD1E640B59
                                                                                                  SHA-512:A4F1D3D8B825F9B7E9BFD0C7FBAFD7CDF379C28BFBFD8C78DEC27546EC0CCC3871CB9B69DAF12D0A262756593B39E28D47344C075AAAB68998545638BCF214F8
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Layouts..plugin qquicklayoutsplugin..classname QtQuickLayoutsPlugin..typeinfo plugins.qmltypes..designersupported..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):78456
                                                                                                  Entropy (8bit):6.448742011076949
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:Jo5sGJUXCSMofxJ7NP8shTYsUGTeX3FzmvOolKB9EfW5P:JEEFRJJiGT23EvORB9/5P
                                                                                                  MD5:F583F86DA65F7DCCB5C9662642D2EA76
                                                                                                  SHA1:E7899F27F810492EA1FB1E9335AAE4542932D65F
                                                                                                  SHA-256:538320755721C8B5E53B17BBB093701205DE50B45332D641BB2036372EE0B893
                                                                                                  SHA-512:6A60DC576F9214E65D17B6E707DE715659BC97F68C3A2C7F63A5D73F4875FA1CA02713124D3F67CF1DAB560E8E88E54DEDCF1BFDD7EC400F4D219C8C9373C50A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):129347
                                                                                                  Entropy (8bit):4.353850126184248
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:/w4mzWW7TUwVrpPFKR8wEsCrO413mtCChAIwU7kowHCCRO:/w4mzxPUw2EsCrO4ZQSU7kvHCCRO
                                                                                                  MD5:E2B590A1F1A8596F646D7E4993BCBB43
                                                                                                  SHA1:2FC7385058C8C55CB75EAD3A62146C9179C04CF3
                                                                                                  SHA-256:5DF0927CE02B8C4FB28DD932F41977019329B2A348E3CC1420819C719460CE6E
                                                                                                  SHA-512:77C43A95B884D99F26BC9ED2078DB759DFE3005A3855822E178D290DD653AF6A3668662CCAACFC7C7ECA3D914E1F23F9CD49AD2F8A2B4A30DE9034028F90EDE9
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2....// This file describes the plugin-supplied types contained in the library...// It is used for QML tooling purposes only...//..// This file was auto-generated by:..// 'qmlplugindump -nonrelocatable -dependencies dependencies.json QtQuick.Templates 2.15'....Module {.. dependencies: ["QtQuick 2.9", "QtQuick.Window 2.2"].. Component {.. name: "QQuickAbstractButton".. defaultProperty: "data".. prototype: "QQuickControl".. exports: [.. "QtQuick.Templates/AbstractButton 2.0",.. "QtQuick.Templates/AbstractButton 2.2",.. "QtQuick.Templates/AbstractButton 2.3",.. "QtQuick.Templates/AbstractButton 2.4",.. "QtQuick.Templates/AbstractButton 2.5".. ].. exportMetaObjectRevisions: [0, 2, 3, 4, 5].. Enum {.. name: "Display".. values: {.. "IconOnly": 0,.. "TextOnly": 1,.. "TextBesideIcon": 2,..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):121
                                                                                                  Entropy (8bit):4.495667221834466
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:3BVGIjNzeURdUEmsQPcvyWmop8NMXKyxRSfL8SFzy:xVGIjxeUzDz8o5XDCPJy
                                                                                                  MD5:7BE62FE11F4EF9F5E2D21B302503CF4A
                                                                                                  SHA1:B0E22A9D9DE1E25D8F469F59246EEC7EF015A5AE
                                                                                                  SHA-256:45E9D25A1FB0BEE1D44997F86628105814C729929883AC0F4E13BB06496D4461
                                                                                                  SHA-512:FD47123EF70423AD31014922EAACE41697F6AC450E06F5ED3A9C63DF23B621DA08B2D491089AB84577810830D3F985797ADC4987848FAE60F141885C6FC4B3F9
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Templates..plugin qtquicktemplates2plugin..classname QtQuickTemplates2Plugin..depends QtQuick.Window 2.2..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):282744
                                                                                                  Entropy (8bit):6.524066760497882
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):14715
                                                                                                  Entropy (8bit):4.185372616992825
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2..// This file describes the plugin-supplied types contained in the library..// It is used for QML tooling purposes only..//.// This file was auto-generated by qmltyperegistrar...Module {. dependencies: ["QtQuick 2.0"]. Component {. file: "plugin.h". name: "QQuickRootItem". defaultProperty: "data". prototype: "QQuickItem". Method {. name: "setWidth". Parameter { name: "w"; type: "int" }. }. Method {. name: "setHeight". Parameter { name: "h"; type: "int" }. }. }. Component {. file: "plugin.h". name: "QQuickScreen". prototype: "QObject". exports: [. "QtQuick.Window/Screen 2.0",. "QtQuick.Window/Screen 2.10",. "QtQuick.Window/Screen 2.3". ]. isCreatable: false. exportMetaObjectRevisions: [0, 10, 3]. attachedType: "QQuickScreenAttached". }. Component {.
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):122
                                                                                                  Entropy (8bit):4.531514845496093
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:module QtQuick.Window..plugin windowplugin..classname QtQuick2WindowPlugin..typeinfo plugins.qmltypes..designersupported..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):43640
                                                                                                  Entropy (8bit):6.240279259880374
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13525
                                                                                                  Entropy (8bit):4.017315814696107
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2..// This file describes the plugin-supplied types contained in the library..// It is used for QML tooling purposes only..//.// This file was auto-generated by qmltyperegistrar...Module {. dependencies: ["QtQuick 2.0"]. Component {. name: "QAbstractItemModel". prototype: "QObject". Enum {. name: "LayoutChangeHint". values: [. "NoLayoutChangeHint",. "VerticalSortHint",. "HorizontalSortHint". ]. }. Enum {. name: "CheckIndexOption". values: [. "NoOption",. "IndexIsValid",. "DoNotUseParent",. "ParentIsInvalid". ]. }. Signal {. name: "dataChanged". Parameter { name: "topLeft"; type: "QModelIndex" }. Parameter { name: "bottomRight"; type: "QModelIndex" }. Parameter { name: "roles"; type: "QVector<int>
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):128
                                                                                                  Entropy (8bit):4.415318118360758
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:module Qt.labs.folderlistmodel..plugin qmlfolderlistmodelplugin..classname QmlFolderListModelPlugin..typeinfo plugins.qmltypes..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):52856
                                                                                                  Entropy (8bit):6.423874077004756
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1131
                                                                                                  Entropy (8bit):4.265226415596101
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:import QtQuick.tooling 1.2..// This file describes the plugin-supplied types contained in the library..// It is used for QML tooling purposes only..//.// This file was auto-generated by qmltyperegistrar...Module {. dependencies: []. Component {. file: "qqmlsettings_p.h". name: "QQmlSettings". prototype: "QObject". exports: ["Qt.labs.settings/Settings 1.0"]. exportMetaObjectRevisions: [0]. Property { name: "category"; type: "string" }. Property { name: "fileName"; type: "string" }. Method { name: "_q_propertyChanged" }. Method {. name: "value". type: "QVariant". Parameter { name: "key"; type: "string" }. Parameter { name: "defaultValue"; type: "QVariant" }. }. Method {. name: "value". type: "QVariant". Parameter { name: "key"; type: "string" }. }. Method {. name: "setValue". Parameter { name: "
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):107
                                                                                                  Entropy (8bit):4.282225142848317
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Preview:module Qt.labs.settings..plugin qmlsettingsplugin..classname QmlSettingsPlugin..typeinfo plugins.qmltypes..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):35960
                                                                                                  Entropy (8bit):6.394597927048915
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):143016
                                                                                                  Entropy (8bit):6.608198085006274
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3466856
                                                                                                  Entropy (8bit):6.444422172074855
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32888
                                                                                                  Entropy (8bit):6.346916120757264
                                                                                                  Encrypted:false
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):372344
                                                                                                  Entropy (8bit):5.643261443998488
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:FxR84U9TnBEMOMiotCktRTcsLUaEL3lsVTFlXZVctk3cl/m8Zv:FlUFYktRfaslPwv
                                                                                                  MD5:35AA301AF3284B1349C4229B8937C895
                                                                                                  SHA1:C14051DA721E891A28EA2D4EE23678B7048D4324
                                                                                                  SHA-256:8A7B522660C91AA5463C5A9534C9B4959E3055448E6B9428ED8F1352549B088C
                                                                                                  SHA-512:A023A17A6AE626269B851C4E4BE15CA1A860E357036697201510F890FA3BD16B45D786011C2DF452183DBF6941DB21B7CAB88D6F54A6D08F3826E51AA1C65F2D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):21624
                                                                                                  Entropy (8bit):6.335138990058209
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:sMzcGfljVpowLjd265DovnfePPLTTjakP:7cmHpowLjM6ZovmzB
                                                                                                  MD5:E0E4011346A86083A0EC8EB01136D0BA
                                                                                                  SHA1:B9FB0D74C5CB3749D1838CAC43F08F6718216970
                                                                                                  SHA-256:411966CE4F8FEBB2FE3AB84B97ED9FB9062AB60C6211FC3B3E4A25A5EE607ECB
                                                                                                  SHA-512:959708C61CDA4E51074C29B23ADD0AC5F2EB86EC5C6128EE35214D7130D94A8A85BD97697DC0F447A1BFAFB886E995BF6E63E0FE56BE182ABCDE60EDE9C13F43
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2925688
                                                                                                  Entropy (8bit):6.529644561772599
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:eOqGmGKva4l6Q35w+wt0fU6tNPnIQQVe1ebDrSsfS1ke:nUlfJw+jPtZnPQVe1eg
                                                                                                  MD5:CB9B4E963A78FBFB70E13BDF30509235
                                                                                                  SHA1:51F79DDFE15E18439E0F9B9291FB389378788235
                                                                                                  SHA-256:DE7DABF9C1BC8D0BF448EFAE15F9FBB32FA3BCD0DC676F1F7696B8DE0662B6F4
                                                                                                  SHA-512:FAB47EA198A92E595E97EC00C1A7BF7F28140812C1AD3B858BECBA0D90581B36BDF9A5308037BE01234B299ED30F9EB76D654D594D239897EA7226BF71C6C017
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2572288
                                                                                                  Entropy (8bit):6.228854695457455
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:zjx8dBGfQB1u9mNSFOOSv0M+8F4lg1CPwDv3uFZjNsr:zjx8XGoPOXM+8j1CPwDv3uFZj
                                                                                                  MD5:D588D5B4162D2C66071A171A903AC8A1
                                                                                                  SHA1:609014CAEDBCDBEC2545183519A7F9949838BF52
                                                                                                  SHA-256:F1B06DB34B6BC09738FA66AC2103F7F47BA58F9BB6D1A518112F42846B6DC8EA
                                                                                                  SHA-512:C6238D1692589EAC2AD15A79817D2CFC068DB0EC6FF77F543C5837DEDDF1E4CFFCF9C851FDB30AC295384B74397E218C2E5F5D60BFA132E5F6C7A23D314E468C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):395840
                                                                                                  Entropy (8bit):6.649489147346388
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:TmSw8G4TKuYmtegamcAWcim56NweeJRm5uDQqTDKuO7EKTzzsGY:ySJPYmIvufm5uDQ1TY
                                                                                                  MD5:E5064ADFBC48E3FB81F09E7B8E78D49D
                                                                                                  SHA1:887FD08CB3C2989A9D88ADC9717D3EC00AB97462
                                                                                                  SHA-256:4BFCAEE356CF1B99D3DBC03D42018FCFC29271C6A72B373343D24C45A7569489
                                                                                                  SHA-512:0ADB6675AD6DE574C4CDBA3E48CBB37901E6E8EF37A92B481D441A6DAFE2726BB9432B7DB7612040FF30EC490D8EBDC0EB8BDD1AD58B9BB53EAB905934679A93
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):535040
                                                                                                  Entropy (8bit):5.7142547623734785
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:OYS5Z/y5LERhWYyimYkZtmjQ95sU2lvzg:OY4pyVIkKjKyU2lvzg
                                                                                                  MD5:4A1BD71115017098E6B75570A61B6DC3
                                                                                                  SHA1:C8B54B50091CCE9F963EE6CC4E91DF328C564C9E
                                                                                                  SHA-256:244AE1F0EF1AD908B54068EB13611FBA58C8F78BA2F126ACDE7379A0C823123F
                                                                                                  SHA-512:1AE19F5FA4AC2559AC910824A159A2265BE1B895EF56E8D7F7A5A999DA198F01FD0536534BCD6A6039DABEBA74D2A308FF137D5A699892C3C8C0CD5B84EF3266
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6217208
                                                                                                  Entropy (8bit):6.070211079857083
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:EDZ+V+Dhx32N7bK4tpJ5+8kRJ0o+dEZCNuIO:E8V+1x32N75tpJ5+8kRJ0BE84IO
                                                                                                  MD5:EA7ED078C57A91C931B9456385274F98
                                                                                                  SHA1:1B03A46A6F9C3AB0729F72BDFFD27AE341F0264D
                                                                                                  SHA-256:45EB78E11449D6BEA6D986C0DF46F353061DFB2BF7721146B297ABF652673603
                                                                                                  SHA-512:E339859EE994DCDB91D2ECDC01FC442F03F99C48E7662987D04D3B6FA2DC2F6143DC4F9990BE3A17997C4906387EB283982CF05ECD9737D4F04122BC93EABD90
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8401400
                                                                                                  Entropy (8bit):6.343180422651724
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:196608:Nb7gZJYED6cMBHwexEiElQ8V+1x32N75tpJ5+8kRJ0BE84Ik:Nb7gZJYED6cMBHwexFE2ti5E8g
                                                                                                  MD5:4838EAD50C839748321DCBE06D387488
                                                                                                  SHA1:D97BD40782EDB8534CD5BE9C09BA60071C9F95F3
                                                                                                  SHA-256:001CB459AD0D0A9DB55707A5545EFDAC5706920D6C8FC1B6F19788F807114EFE
                                                                                                  SHA-512:672E49CF0CF5A1121D18A93945A7AB9D0E8AB153E960D1A60D8FBF58F1A55C09EFDA206595C401BCF6F6626A0AA76672037BB22D8C76FB63D5560AA72E25C0FA
                                                                                                  Malicious:false
                                                                                                  Yara Hits:
                                                                                                  • Rule: misc_pos, Description: unknown, Source: C:\Program Files (x86)\DriverHub\net_updater32.exe, Author: @patrickrolsen
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):15995904
                                                                                                  Entropy (8bit):6.353584600934879
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:393216:rNkEXgt/UOdyRLjqkmbBDrta60HYUnuedxO0g//NuPyEMO32ovq:rN1QtXdyRLjqNbBDrta60HYUpO0Q/NuZ
                                                                                                  MD5:8B197F55264A44B7B25046F7BA5BD7D2
                                                                                                  SHA1:CEF69E168160968E00FFFFA136E1AF7819E7C0CE
                                                                                                  SHA-256:25AE7577E066FA80519A8F1C314B15CDD22E4A8D3ECD2A36ECCC79E40714A91D
                                                                                                  SHA-512:6AF2B1B17A7E3460099359A6750221AACB8F9CE0E80B346DBAFD2CBD8E579543B980F98E0AEB199E0781A045C9D6A7F2F11C8628F960C13550328487B7FA9154
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1240184
                                                                                                  Entropy (8bit):6.834178641612678
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24576:X3egriwnmpC67XXG3dD05X3+sB/ChoVPAQmbZUTDd:Xm43WxL6uTp
                                                                                                  MD5:1E6793D71EB9DEB7AD943AABBBB17240
                                                                                                  SHA1:0132E7D887C4F6F4C41D5E685644FD8C700D87FE
                                                                                                  SHA-256:6B9E0CC5F72B8FDDD16AE0EF7A14E64BC0EAFCDB4D5F74B2C12194241D66407D
                                                                                                  SHA-512:E681370CDA413C90ACE86D48F7C769CA1121E55688EDDB6C46750F362498F30AA7FD5A7E1FE4FACD2BC8A2598F0BB37847B634C05963EAFBA6F0A8048B777D89
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):181424
                                                                                                  Entropy (8bit):6.355178616059097
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:cTfhJ/yAmYYG6o9fKoGQt6/qzEK1COmIi0RKvmkBajnd:c3mYMo9iabVfiUZ
                                                                                                  MD5:54E9828639D39704DE9ECC955A71EFE1
                                                                                                  SHA1:110AFF5704E13B9F81414D084D92054F3A28D970
                                                                                                  SHA-256:D08D70E7059021C98E7DC1B2ED1AC3649DE214D426060DBF8B61E9BAC427382A
                                                                                                  SHA-512:3715F9A8D167AD760EAFAEF8D3EBE6A9F548CEC252DFB18D3BF149DB60C83BDC4FBB5FBAB6B9B05A0EDA4DE9C1471C34549CF35AB6114599CA4E4BF3BA63EC6A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (517), with CRLF line terminators
                                                                                                  Category:modified
                                                                                                  Size (bytes):18720
                                                                                                  Entropy (8bit):5.180113205034667
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:mvsRMHB71IFZpPsZ3lkhQRAu7rcZDjEzWDo163FDqRjNUC5jZkTjgj1j4jgjN:uEED48ZMQRjNUC5jZkTjgj1j4jgjN
                                                                                                  MD5:C56F5C1913FC635AC4300394353A6DCE
                                                                                                  SHA1:6C26D5AE3AA5E061CB084F61D46ED2A8F33E99C5
                                                                                                  SHA-256:F7B7FC31228108941500357B9605B64B7B58027655A87CE7E085E08F98AD4FC4
                                                                                                  SHA-512:5BEFB387663B9DE4F32E68D1B4C069D38F6FA219FAE88D66377CAAFEA6E3CBB0203D8C27198E5D1D6E781C578C49DEAEA9EB848AA23FF91D4E1DDC5F1B92C800
                                                                                                  Malicious:false
                                                                                                  Preview:.[2024-08-14 10:24:37.566] [info ] [sfxinst ] [ 7148: 7128] [F8CC93: 992] --..[2024-08-14 10:24:37.566] [info ] [sfxinst ] [ 7148: 7128] [F8CC93: 993] START: Avast SFX stub executable..[2024-08-14 10:24:37.566] [info ] [sfxinst ] [ 7148: 7128] [F8CC93: 296] Entering SFX stub guarded code section...[2024-08-14 10:24:37.630] [info ] [sfxinst ] [ 7148: 7128] [F8CC93: 395] Running SFX 'C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe'..[2024-08-14 10:24:38.703] [info ] [sfxinst ] [ 7148: 7128] [F8CC93: 629] Moved extra data file 'ecoo.edat' to 'C:\Windows\Temp\asw.b569351eb821d9a8\cookie.bin'...[2024-08-14 10:24:39.952] [info ] [sfxstats ] [ 7148: 4336] [9A143C: 149] Statistics sent successfully...[2024-08-14 10:24:40.021] [notice ] [burger_rep ] [ 7148: 3736] [DC075C: 64] The event '70.1' was successfully sent to burger: https://analytics.avcdn.net/v4/receive/json/70...[2024-08-14 10:25:13.134] [info ] [sfxinst ] [ 7148: 7
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):142
                                                                                                  Entropy (8bit):4.658861802177515
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:VrH9+KDew/B44RfF1F+SCFCFCvg3IKRHRoWnB6TewtAocv:99nL/OcvEzg3IKw6B6Tjy3
                                                                                                  MD5:7B756D0D77589887A4797ECAFF48D39B
                                                                                                  SHA1:2975B888593A04B66265CC4CE35F6E6A391E3BC6
                                                                                                  SHA-256:824D81E5C3BD1D1AB186159F15318036CB2C89DC198014C9EE64225CE48F1CA6
                                                                                                  SHA-512:9B48C7DE25308F8601EC6AA45A7C58CD687494480CCCCBAF65F9E9E21027B2BA31F88F2697E28B64BF7C07BE4D87FBF5D2CFE5272FC05927B8DD3C9D7EA8BD0E
                                                                                                  Malicious:false
                                                                                                  Preview:.[2024-08-14 10:25:18.724] [info ] [burger ] [ 6824: 3208] [C9898C: 55] Storage path was not set so neither stored events are read...
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):933
                                                                                                  Entropy (8bit):7.764503828034156
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:Bgp9thIfSB+DKIeUJxAHl/q+k4rQfiiorLRojiBvOdPRwFFWPwaopEWPGfZf4JMo:BgpxFqbAFybGdi2VGZAKUGxRgmw
                                                                                                  MD5:9BFC7F04FB9791267B898C510460C9D1
                                                                                                  SHA1:005B530E3C9DACB13924667FAD3D513B843903AA
                                                                                                  SHA-256:CBDF3EFEFCB9B6A3754688D9062EDA65C6652A06A34BAB306819DE59343F589F
                                                                                                  SHA-512:7E1BAAFD2329D5A54E8E7DE4841273018FBD146CD90D5C8D9E5F5A481D2B82C39E86B728F401F1FF4DD3207502088F4CC781AE435F2873EB9D1A03A94383E3BF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1322
                                                                                                  Entropy (8bit):7.848245190809299
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:BLVx5mhB1Ty+QGywBk6johYbFe7mZg+hKm7uu0fqraoph7onuw5QpzOq2K/6Zu6u:BLFmhry8yj6j6se7IhHH5P76K/O9I4AL
                                                                                                  MD5:75BAEADCFCD67642FD0A2179F772F469
                                                                                                  SHA1:07F46BBA381E6B48679DD07952BBB1F19D04FB0E
                                                                                                  SHA-256:D6737E73037C6D9A4D9BAFCAAFBC422C30750192DC069A1BE0D650F47F7F1649
                                                                                                  SHA-512:F1C844249B1C94A1BB0043B67DCEF3B33A07D34BB5884471A9F126D874618B06C9B4D8B2502E3F94A0393E9E80A4450507EABC15797A242516FABA99803A578A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                  Category:modified
                                                                                                  Size (bytes):281
                                                                                                  Entropy (8bit):4.5653366452392214
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:4mHfka7UeAaMZKRLTKop1dHyLdyAawFxweuxDUEFBmHNZ7KfiAfn:/kaZdM0kood+wI9LBOZ2bn
                                                                                                  MD5:540AA403E48504AFB32836CF9706B2FC
                                                                                                  SHA1:0B2D48257D0FBD6401D87CAF0FCCE244BBF71554
                                                                                                  SHA-256:24FE06A383CC95BBC245E3EEDD20354FA7EBD32879302EDEDD721F26779CD8A6
                                                                                                  SHA-512:F70D874CA1539922A4E3938C4C63E678C7C09ADC9A43C78F576F5F46C73FA0F7C4974301FC8CC87EFB9A1EA3D2F10B5581EED181CB935F319589303CC4D8F2CE
                                                                                                  Malicious:false
                                                                                                  Preview:.This directory was created on 14.08.2024 during the "DriverHub" installation process...The files in this directory allow you to unlock certain features in "DriverHub" for free. Please do not delete or change them...This directory will be deleted when you uninstall "DriverHub"..
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4956152
                                                                                                  Entropy (8bit):5.665187093924865
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:tNVEAGlOGZVaJHNNzjmX7/EtHb/FB5RaD2+ejVOMf4CLj22BWf7bK4tpJ5+8kRJZ:vDZ+V+Dhx32N7bK4tpJ5+8kRJ0o+dET
                                                                                                  MD5:695D468937F058F373463DE015D4E0AB
                                                                                                  SHA1:15DC1B7F3EA3B9DD2D283FDD1DFFBBDEC8E88DDD
                                                                                                  SHA-256:68BA91E5139E217607E970D2C6116FFF85BFE3F977360067DCFD6BEB1F67C6CC
                                                                                                  SHA-512:A5043F1B1C611AA03B556CD55DC99C438D6D45C3D92CD885F952C65AFC359F355E2BA59F315BF79B9D8CBC9640FC3D76D7430A22D638CE58D74655132770036D
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\brd_sdk32_clr.dll, Author: Joe Security
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3511
                                                                                                  Entropy (8bit):7.861014216438658
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:+Ibx3Vnv40k/DAuM25bNk6BV/LjuxU8Dg+t0lbbylgOj9qWSbB:Vx1vr8M25bNk67jjj8DdsbbyGRbB
                                                                                                  MD5:F62577ACD495A70E75F8D0B7BBDAADF0
                                                                                                  SHA1:EF2A09285054AEC38588696074C8C3E643F0F34F
                                                                                                  SHA-256:C884DFB9183AE458D1392C653EB6AABBC3164A987DD7AA702CDA3E26C506335A
                                                                                                  SHA-512:1BC828B0752C44CA610B092D7B24B27EF4008335E4A2135996FB09549E852E37C009192ED48E3AEA1C7B96A4E14F8764BBFE7FECE79A1D13A0EE0716BC9FA123
                                                                                                  Malicious:false
                                                                                                  Preview:Bright SDK logger..Build version: 1.463.822..OS version: Microsoft Windows NT 6.2.9200.0..Timezone: Eastern Standard Time (UTC-05:00) Eastern Time (US & Canada)..Build date: 28-May-24 11:11:43..Makeflags: DIST=APP RELEASE=y TOKEN_SIGN=y CONFIG_WIN_SDK=y OBFUSCATE_SDK=y CONFIG_BATREQ=y CONFIG_BAT_CYCLE=y CONFIG_BAT_PLATFORM=app_win64r_obf..Process: 3748 (admin) (elevated)..Consent: NONE (2024.08.14 10:28:14.000/NONE) (ORS8yMDI0LjA4LjE0IDEwOjI4OjE0LjAwMC9OT05FTk9)
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:modified
                                                                                                  Size (bytes):38912
                                                                                                  Entropy (8bit):7.995290023828633
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:768:5zozc9eIVoM+DkkZnO3Y3ZiZad3fPXTX3jlgNenAkcHizcLZ8WyepkZK:5cYDVoDZnO3YAoBf7TuNenJzcLqWoK
                                                                                                  MD5:125D30E1A501A339D780935440230FF1
                                                                                                  SHA1:71B163EA0D82D65C95C3F3C077C953A37DECF719
                                                                                                  SHA-256:0038FD58D8D0BF46C8D66277A3BB2321DECB1BE698BD53FCBB343AEB59EC02A1
                                                                                                  SHA-512:7B74A1DA8E851CA3D779D38461818E2472BB08E812CC7813A6B146C724068A2C38F12C6DAC4BB09399086E42DDB2A327605A9CE5C2C8474E753B02BECFD41BA6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:E:E
                                                                                                  MD5:0CC175B9C0F1B6A831C399E269772661
                                                                                                  SHA1:86F7E437FAA5A7FCE15D1DDCB9EAEAEA377667B8
                                                                                                  SHA-256:CA978112CA1BBDCAFAC231B39A23DC4DA786EFF8147C4E72B9807785AFEE48BB
                                                                                                  SHA-512:1F40FC92DA241694750979EE6CF582F2D5D7D28E18335DE05ABC54D0560E0F5302860C652BF08D560252AA5E74210546F369FBBBCE8C12CFC7957B2652FE9A75
                                                                                                  Malicious:false
                                                                                                  Preview:a
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):33
                                                                                                  Entropy (8bit):3.518196301885718
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:0dSdOn8DDHf:0yO6
                                                                                                  MD5:66875A93A7CA9E08721C3171924599A7
                                                                                                  SHA1:4EA445FFDC93AB1049B9D3BA39C3659FF7D9652A
                                                                                                  SHA-256:9E1A4844C234EECAAFC704E4BE7C75AA3AEEDE4F164FF227A0487C72A4EEAF31
                                                                                                  SHA-512:BFC86CCBCB447EF1E49DD03F832B88FD62690EF8A6713644F0AF10BA6E97B9BD153E64B782717CB896F21ED9063412F202062CA9E6E454023D51787FF77A2D56
                                                                                                  Malicious:false
                                                                                                  Preview:a8871a8dd9faad4c8d322dc2f26f3694:
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):128
                                                                                                  Entropy (8bit):5.605916187412378
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:oWAPOeUdX2IWa/vnycEmWcLA3hTOjhhSErxQDTfwAHTVO4kOiCg1h:oWgOeUJ2W/ED3FOj3CTfwiTVOiBg1h
                                                                                                  MD5:0679970C9DE5FA10B80C712F4DE90F7D
                                                                                                  SHA1:563ED4B17394A57549E5B0B2F3036F65D44F21D6
                                                                                                  SHA-256:638E53E57C49EC4A3AF4CC42CBD78DC833B768B9DD6F8AA96EF8CCD224401FFC
                                                                                                  SHA-512:0D71963DF9B3F99F308BED9A292C7B3E909625F1509C839483FDCEAAD5CD6751E9646A90CFB23CBFB894C9528578E3260DC470313DEC83C1D6D649A10226E392
                                                                                                  Malicious:true
                                                                                                  Preview:Q4xA0wueLDkkGiqd+/V4q+SpGWMILIz9sxMrAXBE4ar7qr1/B0XwP9aCVni2yneuxoD6WxH4DDLSEepKvjRT5Za893tKOMVVcxNebGxI0kgvHXckJejWVM/jEe5vAjZE
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):216
                                                                                                  Entropy (8bit):5.748014892145332
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:CXcAM+SVrnqfzr0qKgA+9oIDAIqhUhY77dyk7uCo3iqjUtcJwoUGN9JwWA81n0TG:azSqrWLID3qhUU83twn8R0Cxln
                                                                                                  MD5:11F25D50350CFD1D78BAB24D0112EA01
                                                                                                  SHA1:A82B4FB6A0F32DB4AF304D5CA8B095B1EC2755D9
                                                                                                  SHA-256:0DF16D5C6D5B5CDE83DBE95E9B9E2AF15E2D530FC9FEF55E7F56EF6094F90BD0
                                                                                                  SHA-512:D1C3834F7D6484955694DB6352A685AF67ED139843864819480B05B731C0BC0DFD7A269109EDA3ED39C33C0CB8359EF1393CA70E92F78F69DD0C5EFC394DF086
                                                                                                  Malicious:true
                                                                                                  Preview:rQ9MPmUSTQ84HyzSqD4ezAwh7plZpChrHqEuV+qynuOzLxNQOSo9/A0evdAI5pVZWQpyMq6vgPoseu9/h+xieHrVy0Icb77qYAqzd3lqn/G1E6jUcSgDxk8AqGKYIodVMbNfH5Od07B1CezkylUPLTvAUpv6pIK07VJppdNVeMUcdZmE6+WPysF0uJBB9x+Fm7IGz8WKH/B/zeTQ7CkiZg==
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):970912
                                                                                                  Entropy (8bit):6.9649735952029515
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                                                                                  MD5:034CCADC1C073E4216E9466B720F9849
                                                                                                  SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                                                                                  SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                                                                                  SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):31224
                                                                                                  Entropy (8bit):7.1199518453953194
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:60mqRxWRKEpYinAMxP3RsYiR3geAMxkEe:lmqRxWRr7Hx5s7dxi
                                                                                                  MD5:03BA6C3A52780D89BE563B7CD5668AD0
                                                                                                  SHA1:0B170FFBD37344F16D6867D82127F2250EA915F8
                                                                                                  SHA-256:250F6D006C754DF86CFD465A138D649C08387040752D5B552A33F3FF783E1212
                                                                                                  SHA-512:1CB87ADC1561C347E8D8B51DDF9095FCDD9FCBF641A603D5270C7BEFDB8364B9C40AEA8C4471CA49C277621AE0255DB0E8FCBEBB264C252562557D034FADA201
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe
                                                                                                  File Type:Microsoft Cabinet archive data, many, 824123 bytes, 11 files, at 0x44 +A "concrt140.dll_x86" +A "msvcp140.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 62 datablocks, 0x1 compression
                                                                                                  Category:dropped
                                                                                                  Size (bytes):834339
                                                                                                  Entropy (8bit):7.997653805266825
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:12288:iESvOn+e4BpcHLO0eHku5ai12A7RLnAFmDAmKyVUnkrj7N0XlFKsN9XD904s1:bSje4rH0K+i15kEDfKlns7NUl8Wrs1
                                                                                                  MD5:A57EFC0AFFFDF914CBC76BB882CAD37E
                                                                                                  SHA1:732DBEF27C49C27D9F1C00EBA177EABC21650FB8
                                                                                                  SHA-256:C384DA7CC6EAD2CE054A67FDED26D7E4CFF2F981A83C64DE62E53864665E5F45
                                                                                                  SHA-512:AD2CFC0FD199FE2726FD18C0A5972185E8331FE49807CA6340212901DD61D30853E2C72015EE9BAC0425E287EF488190A245676173194FAFBF8F6FC7FBF9BABA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe
                                                                                                  File Type:Microsoft Cabinet archive data, many, 5167260 bytes, 14 files, at 0x44 +A "mfc140.dll_x86" +A "mfc140chs.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 323 datablocks, 0x1 compression
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5177492
                                                                                                  Entropy (8bit):7.997816222199811
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:98304:310T9qeMt7UU5qai1jrZLsAoSIA+PTwQKrzd04mAp1dDbXN+52qKfYPh:F2LsUmC9t5IMQKrzCXy3XA5JKE
                                                                                                  MD5:4A17E4DA145FA1EA92A52266221AD628
                                                                                                  SHA1:F6304DE9D73609F6B9717D6A4D44EFD7AB7FFE9E
                                                                                                  SHA-256:9544ABBD46B39BEC491CF63076FB109306E519F303DF9CD583A28956172BF038
                                                                                                  SHA-512:DE9A6A1391070A9470F78208FF74120CFFD2A1E2580AF4ADD87914BA6DD27E07B092E66CAA847726E05EB5FAE0C1252681DE37F34B560D4D95F3B76F3599E16C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {29E9ACD5-6C1B-48C9-A316-358656F83B42}, Create Time/Date: Fri Jan 19 22:58:04 2024, Last Saved Time/Date: Fri Jan 19 22:58:04 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                  Category:dropped
                                                                                                  Size (bytes):184320
                                                                                                  Entropy (8bit):6.383378429526644
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:fviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJd2:fvipBaTDo1j//SZh
                                                                                                  MD5:A37983D3FCA236D6AE2D22AB0FA9F1D4
                                                                                                  SHA1:82F77032813AEDDF321D681DA4E1AA50786258DD
                                                                                                  SHA-256:A7F13351CE5B41FCF6C2ED95F223F5E2AAB5411BF8499A772F69AD8FFB87F96B
                                                                                                  SHA-512:619467E6D4AA6BC8F1CC02DAF52330E28C313D774A1D0B0BB96D40A2ED2DC3697CEE738463FAED040E1BCA407C3471AE1BC8DD91472682B25C579CAACDBF7374
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}, Create Time/Date: Fri Jan 19 22:52:32 2024, Last Saved Time/Date: Fri Jan 19 22:52:32 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                  Category:dropped
                                                                                                  Size (bytes):184320
                                                                                                  Entropy (8bit):6.37750026266588
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:S9viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdz8vO:EvipBaTDo1j//SZhKO
                                                                                                  MD5:3CA6B74AEFE34587F479055F5915E136
                                                                                                  SHA1:61771E0A8CCABAC8783A22F67ADCBCE612F11704
                                                                                                  SHA-256:A6F3A8E4E2162D8DF176418E9A238BECB645B2DB31D8073BFC4F4CDB7FB1AA22
                                                                                                  SHA-512:3949CB3FDAD3E8D5E9C649141A72783E0B403D3E835433D4D456654BCDAD1290258F6D023CE127740F9C82459D337B9F8731C799EFCF99775955D38CF3FEF750
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe
                                                                                                  File Type:Microsoft Cabinet archive data, many, 824123 bytes, 11 files, at 0x44 +A "concrt140.dll_x86" +A "msvcp140.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 62 datablocks, 0x1 compression
                                                                                                  Category:dropped
                                                                                                  Size (bytes):834339
                                                                                                  Entropy (8bit):7.997653805266825
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:12288:iESvOn+e4BpcHLO0eHku5ai12A7RLnAFmDAmKyVUnkrj7N0XlFKsN9XD904s1:bSje4rH0K+i15kEDfKlns7NUl8Wrs1
                                                                                                  MD5:A57EFC0AFFFDF914CBC76BB882CAD37E
                                                                                                  SHA1:732DBEF27C49C27D9F1C00EBA177EABC21650FB8
                                                                                                  SHA-256:C384DA7CC6EAD2CE054A67FDED26D7E4CFF2F981A83C64DE62E53864665E5F45
                                                                                                  SHA-512:AD2CFC0FD199FE2726FD18C0A5972185E8331FE49807CA6340212901DD61D30853E2C72015EE9BAC0425E287EF488190A245676173194FAFBF8F6FC7FBF9BABA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}, Create Time/Date: Fri Jan 19 22:52:32 2024, Last Saved Time/Date: Fri Jan 19 22:52:32 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                  Category:dropped
                                                                                                  Size (bytes):184320
                                                                                                  Entropy (8bit):6.37750026266588
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:S9viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdz8vO:EvipBaTDo1j//SZhKO
                                                                                                  MD5:3CA6B74AEFE34587F479055F5915E136
                                                                                                  SHA1:61771E0A8CCABAC8783A22F67ADCBCE612F11704
                                                                                                  SHA-256:A6F3A8E4E2162D8DF176418E9A238BECB645B2DB31D8073BFC4F4CDB7FB1AA22
                                                                                                  SHA-512:3949CB3FDAD3E8D5E9C649141A72783E0B403D3E835433D4D456654BCDAD1290258F6D023CE127740F9C82459D337B9F8731C799EFCF99775955D38CF3FEF750
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):650080
                                                                                                  Entropy (8bit):7.2212720110363735
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:fnMwHskY7gjcjhVIEhqgM7bWvcsi6aVl/IyiJGvJtg2t/JgM:vMysZgjS1hqgSC/iz1fiJGvJtxhJ
                                                                                                  MD5:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                  SHA1:41EDD6321965D48E11ECDED3852EB32E3C13848D
                                                                                                  SHA-256:D4C6F5C74BBB45C4F33D9CB7DDCE47226EA0A5AB90B8FF3F420B63A55C3F6DD2
                                                                                                  SHA-512:D85AC030EBB3BA4412E69B5693406FE87E46696CA2A926EF75B6F6438E16B0C7ED1342363098530CDCEB4DB8E50614F33F972F7995E4222313FCEF036887D0F0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):952
                                                                                                  Entropy (8bit):2.6547649219419007
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:7ZK34pgMClGttDa+xU9TRqi2ttun2QvQ1eg2un2QYQ1eg:lKUgMClccTRuE4E
                                                                                                  MD5:E85F965E5F7B5F90BD4061993B4AF3B4
                                                                                                  SHA1:82723689CF774DB6377290BCCDB4D165C77105B9
                                                                                                  SHA-256:1FCABC8C284707BD90800DB9D4A9388B631524E996701A288611B1F73836A262
                                                                                                  SHA-512:7116F1F44C521D2F624959B1329EE3CC2EF3250853905A5930CF1AF8D22295B554783FF59CD60BEC23ED81388FA38659FAB62C55151883C9BF2ECD714D4753F7
                                                                                                  Malicious:false
                                                                                                  Preview:J...............................................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.....................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.................................W.i.x.B.u.n.d.l.e.N.a.m.e.....B...M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5.-.2.0.2.2. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.8.6.). .-. .1.4...3.8...3.3.1.3.5.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.....>...C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.D.r.i.v.e.r.H.u.b.\.V.C._.r.e.d.i.s.t...x.8.6...e.x.e.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.F.o.l.d.e.r.....-...C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.D.r.i.v.e.r.H.u.b.\.................................
                                                                                                  Process:C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe
                                                                                                  File Type:Microsoft Cabinet archive data, many, 5167260 bytes, 14 files, at 0x44 +A "mfc140.dll_x86" +A "mfc140chs.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 323 datablocks, 0x1 compression
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5177492
                                                                                                  Entropy (8bit):7.997816222199811
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:98304:310T9qeMt7UU5qai1jrZLsAoSIA+PTwQKrzd04mAp1dDbXN+52qKfYPh:F2LsUmC9t5IMQKrzCXy3XA5JKE
                                                                                                  MD5:4A17E4DA145FA1EA92A52266221AD628
                                                                                                  SHA1:F6304DE9D73609F6B9717D6A4D44EFD7AB7FFE9E
                                                                                                  SHA-256:9544ABBD46B39BEC491CF63076FB109306E519F303DF9CD583A28956172BF038
                                                                                                  SHA-512:DE9A6A1391070A9470F78208FF74120CFFD2A1E2580AF4ADD87914BA6DD27E07B092E66CAA847726E05EB5FAE0C1252681DE37F34B560D4D95F3B76F3599E16C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {29E9ACD5-6C1B-48C9-A316-358656F83B42}, Create Time/Date: Fri Jan 19 22:58:04 2024, Last Saved Time/Date: Fri Jan 19 22:58:04 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                  Category:dropped
                                                                                                  Size (bytes):184320
                                                                                                  Entropy (8bit):6.383378429526644
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:fviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJd2:fvipBaTDo1j//SZh
                                                                                                  MD5:A37983D3FCA236D6AE2D22AB0FA9F1D4
                                                                                                  SHA1:82F77032813AEDDF321D681DA4E1AA50786258DD
                                                                                                  SHA-256:A7F13351CE5B41FCF6C2ED95F223F5E2AAB5411BF8499A772F69AD8FFB87F96B
                                                                                                  SHA-512:619467E6D4AA6BC8F1CC02DAF52330E28C313D774A1D0B0BB96D40A2ED2DC3697CEE738463FAED040E1BCA407C3471AE1BC8DD91472682B25C579CAACDBF7374
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):33
                                                                                                  Entropy (8bit):3.518196301885718
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:0dSdOn8DDHf:0yO6
                                                                                                  MD5:66875A93A7CA9E08721C3171924599A7
                                                                                                  SHA1:4EA445FFDC93AB1049B9D3BA39C3659FF7D9652A
                                                                                                  SHA-256:9E1A4844C234EECAAFC704E4BE7C75AA3AEEDE4F164FF227A0487C72A4EEAF31
                                                                                                  SHA-512:BFC86CCBCB447EF1E49DD03F832B88FD62690EF8A6713644F0AF10BA6E97B9BD153E64B782717CB896F21ED9063412F202062CA9E6E454023D51787FF77A2D56
                                                                                                  Malicious:false
                                                                                                  Preview:a8871a8dd9faad4c8d322dc2f26f3694:
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16984
                                                                                                  Entropy (8bit):3.2612704137214608
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:i8rSaHRI9ML+CTxS9W4cnG7Dx5oKVRVE6LFV+Vk0JFrVSVFVDLVV0lXIzsol5gbn:0aqcXVS9rcGRtz9U1onD5Gl4ool5gbZZ
                                                                                                  MD5:6DB4C69D6D5529C53B470A3E12DC2B54
                                                                                                  SHA1:25B2AF0065E17076A129F97E9C2E3236B5D8F701
                                                                                                  SHA-256:37790983485E130F1D5ACFBE1904FE4995E7452A1CB7307D38E0ACD51129347C
                                                                                                  SHA-512:2B8782688A7FD937AA9E5290F8EDD18BBF0180E99E1F979484C8F0F998FE0AB758ADB2C436A8534D20BF998E8C06C712EE90C7CCAB3E4AC2A6E693EB12269337
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16984
                                                                                                  Entropy (8bit):3.2612704137214608
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:i8rSaHRI9ML+CTxS9W4cnG7Dx5oKVRVE6LFV+Vk0JFrVSVFVDLVV0lXIzsol5gbn:0aqcXVS9rcGRtz9U1onD5Gl4ool5gbZZ
                                                                                                  MD5:6DB4C69D6D5529C53B470A3E12DC2B54
                                                                                                  SHA1:25B2AF0065E17076A129F97E9C2E3236B5D8F701
                                                                                                  SHA-256:37790983485E130F1D5ACFBE1904FE4995E7452A1CB7307D38E0ACD51129347C
                                                                                                  SHA-512:2B8782688A7FD937AA9E5290F8EDD18BBF0180E99E1F979484C8F0F998FE0AB758ADB2C436A8534D20BF998E8C06C712EE90C7CCAB3E4AC2A6E693EB12269337
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5408
                                                                                                  Entropy (8bit):2.9633689034418524
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:iqUsFUeGL3SJR732RCwVAH5g1nNZzU/ukqEfB57glNu:i1sFzGL3fvqenjA38k
                                                                                                  MD5:B8867AA160494E99CF86AC7192B403E3
                                                                                                  SHA1:F0387C85D75729A50A83A804C52A9E263B3673BE
                                                                                                  SHA-256:916A8E031C37E1100E10E58BF3632DADE82B603A473E1F5B25982783762F42CC
                                                                                                  SHA-512:C00958208F56BEA9A60D197AA9849C1AF810483423ABDB25D7561876736D13A6740D3CFC04FBE8A1CEAE3036D20D5C2AA75A040F235082085DEFBB05B3EF9787
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5408
                                                                                                  Entropy (8bit):2.9633689034418524
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:iqUsFUeGL3SJR732RCwVAH5g1nNZzU/ukqEfB57glNu:i1sFzGL3fvqenjA38k
                                                                                                  MD5:B8867AA160494E99CF86AC7192B403E3
                                                                                                  SHA1:F0387C85D75729A50A83A804C52A9E263B3673BE
                                                                                                  SHA-256:916A8E031C37E1100E10E58BF3632DADE82B603A473E1F5B25982783762F42CC
                                                                                                  SHA-512:C00958208F56BEA9A60D197AA9849C1AF810483423ABDB25D7561876736D13A6740D3CFC04FBE8A1CEAE3036D20D5C2AA75A040F235082085DEFBB05B3EF9787
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17240
                                                                                                  Entropy (8bit):3.2734097782903064
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:ZNiboxGofHXyqst36VVVw4VrFenUVSV2VWWpF/hVKXsMNTy0+Co+:ZNiboxGP3wXdvotWp5KXsM0BCo+
                                                                                                  MD5:701FBDC8109540BC9DDCCA4AE9093B69
                                                                                                  SHA1:7B73EF5F020B20C119E1252604B47EC639685C97
                                                                                                  SHA-256:6B25892C17C3F3C8F634C0DBBA615E033215C0903B22035B2458925D18030855
                                                                                                  SHA-512:40632546149C3376839CFCDD8E7E68776B667300D4A940E33E96FD3486388A0E7DF00571A01B06F33C15D99ECCF60BB211E4AD66C252C5A74AF435A2AD6AEFBE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17240
                                                                                                  Entropy (8bit):3.2734097782903064
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:ZNiboxGofHXyqst36VVVw4VrFenUVSV2VWWpF/hVKXsMNTy0+Co+:ZNiboxGP3wXdvotWp5KXsM0BCo+
                                                                                                  MD5:701FBDC8109540BC9DDCCA4AE9093B69
                                                                                                  SHA1:7B73EF5F020B20C119E1252604B47EC639685C97
                                                                                                  SHA-256:6B25892C17C3F3C8F634C0DBBA615E033215C0903B22035B2458925D18030855
                                                                                                  SHA-512:40632546149C3376839CFCDD8E7E68776B667300D4A940E33E96FD3486388A0E7DF00571A01B06F33C15D99ECCF60BB211E4AD66C252C5A74AF435A2AD6AEFBE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):21948
                                                                                                  Entropy (8bit):3.2524007346868125
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:rW6P7jIqX3kvMXmL/0gdBLqVen2VO1laSA5AVSV2oVg6fQARoiiJCiczOJL+:xk0XmL/hQzqobS64AmPeOc
                                                                                                  MD5:A5E933D3B08B19A0591915121BAC6791
                                                                                                  SHA1:BA88EFADD33CB9F6F70F25390F11659CB3EBE4BE
                                                                                                  SHA-256:9A31766604BF3F2916C78BC4A977EAF9FC7CE7774A419BC20E74D2DA03E47A5A
                                                                                                  SHA-512:58A6E9E937118130CCCD278B1DBA7CFF71795405692E2A5B17E9C63B88CD1B4F902CDCAB3CE748C461D1D361367275DE7E249A544201EA7C41E103ACD0D157BE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):21948
                                                                                                  Entropy (8bit):3.2524007346868125
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:rW6P7jIqX3kvMXmL/0gdBLqVen2VO1laSA5AVSV2oVg6fQARoiiJCiczOJL+:xk0XmL/hQzqobS64AmPeOc
                                                                                                  MD5:A5E933D3B08B19A0591915121BAC6791
                                                                                                  SHA1:BA88EFADD33CB9F6F70F25390F11659CB3EBE4BE
                                                                                                  SHA-256:9A31766604BF3F2916C78BC4A977EAF9FC7CE7774A419BC20E74D2DA03E47A5A
                                                                                                  SHA-512:58A6E9E937118130CCCD278B1DBA7CFF71795405692E2A5B17E9C63B88CD1B4F902CDCAB3CE748C461D1D361367275DE7E249A544201EA7C41E103ACD0D157BE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):27168
                                                                                                  Entropy (8bit):3.003358164578049
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:HXuUuf8iNFV0kyTJRbyi2+FcQ1jdYjum0ZF3R8WQyetmwQyO6a1RoIdrzhWpc:HeqDJ5xcQT7CBpmzyOb1Roqh/
                                                                                                  MD5:C9B3267BF2538E0ACAFF0465CD3B5828
                                                                                                  SHA1:6257631CDD79E6468E141B95A77AB2A9124C2D88
                                                                                                  SHA-256:471839CF9755E2ACCBE1725F8516BFDD6E31C54EC0833DD0F61533FD0EFE9435
                                                                                                  SHA-512:69E58A6BFA7BEE2353B1929197C64F75E25374FF6CD23B08460196E71B8B1E3510AF50D321F620083C6EF93E2CC619688643C92CB4CA30A169D4C95C0BF14645
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):27168
                                                                                                  Entropy (8bit):3.003358164578049
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:HXuUuf8iNFV0kyTJRbyi2+FcQ1jdYjum0ZF3R8WQyetmwQyO6a1RoIdrzhWpc:HeqDJ5xcQT7CBpmzyOb1Roqh/
                                                                                                  MD5:C9B3267BF2538E0ACAFF0465CD3B5828
                                                                                                  SHA1:6257631CDD79E6468E141B95A77AB2A9124C2D88
                                                                                                  SHA-256:471839CF9755E2ACCBE1725F8516BFDD6E31C54EC0833DD0F61533FD0EFE9435
                                                                                                  SHA-512:69E58A6BFA7BEE2353B1929197C64F75E25374FF6CD23B08460196E71B8B1E3510AF50D321F620083C6EF93E2CC619688643C92CB4CA30A169D4C95C0BF14645
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):28716
                                                                                                  Entropy (8bit):3.1131013909759675
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:0zgm9RojIf+ObG+HGNsY//USJSgTGSNteNRd:qgmMfObG+HFmUS+SNtSRd
                                                                                                  MD5:627D5EC6F805EFD75C258C43ABEB2F48
                                                                                                  SHA1:7C2B28260849FF9D253A206D16533BDF5803FF50
                                                                                                  SHA-256:ABD01B780010617BDF0FE3272A0090834CD71B9A885DA781DD99FCAA4C024C05
                                                                                                  SHA-512:FC4B9A5C96E13EB2E094B05A10D2B680D710D79B9D750D78A1387C0A095A2CA94BF12763E934F9E725616D503D1B55219D0B9A78C74015A339E13BE1201B0DF3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1124
                                                                                                  Entropy (8bit):2.8663987920920144
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:C7afu1EEEEEEEApcbm3ulKCiRwdZMr0/dxtBKgdpsbKS/r9Hg/LsEfEEwx06Etz4:CaujDqKCiRqZpogdGKS5Ab8Jvf
                                                                                                  MD5:91188ED5486C2AFAF0C68C8AA58F683F
                                                                                                  SHA1:420808FF4F7BD147E7B0FB52D14606B768835A4A
                                                                                                  SHA-256:AE619F562549F189205A169141B95A61585BF2BD199E120112EC257262C495E8
                                                                                                  SHA-512:421CE69C2361B075197DF2FB8AF2FC2C57F38BD2D25917E755B47D0448584EE542973D21B99ECDF544ABE6E8B8D4463E33F80B6C6BBF7B2C3C3CE7BB813E014B
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......0.iP....d....................................................T.......W.d.B..Km..Gf...._E.....................................................................................................................................................(...H...p...............(...h...................................................................Q.t.Q.u.i.c.k...........................Q.t.O.b.j.e.c.t.................................C.o.m.p.o.n.e.n.t...............................b.a.c.k.g.r.o.u.n.d.............................l.a.b.e.l...............................s.u.b.m.e.n.u.I.n.d.i.c.a.t.o.r.................................s.h.o.r.t.c.u.t.................................c.h.e.c.k.m.a.r.k.I.n.d.i.c.a.t.o.r.........Y...................f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)./.D.r.i.v.e.r.H.u.b./.Q.t.Q.u.i.c.k./.C.o.n.t.r.o.l.s./.P.r.i.v.a.t.e./.M.e.n.u.I.t.e.m.S.u.b.C.o.n.t.r.o.l.s...q.m.l...................(.......................(...,.......................
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8128
                                                                                                  Entropy (8bit):3.231449294038494
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:ZirC5d86+JvOKcrXSE0Xhp231pHJNxOfxskkhVSL6J+ByOaIB5iT9g+FS:ZiV6KeD+s5k23CCFS
                                                                                                  MD5:0B4F988918578ADB3C6DC5F0A9A656C5
                                                                                                  SHA1:C783977980B92EC6EC7A7E253E6CB90CE50A0B39
                                                                                                  SHA-256:66DE3012D03C32A24CE4130ED199A14B70D0F30B0ADAFD9B7E53D027BAA82E01
                                                                                                  SHA-512:D59A934DB12563048CB02D59607987B024039B604ED2480046990FD7E1480B38880D794D41B1BF52C1C3A9E69B74F7DAA4A5030F5CA09ADBCD6C1CED85A433DF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4960
                                                                                                  Entropy (8bit):3.034686757364767
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:JhiyeB1qr1b5ybB37K++fpu7taNps4ry4B0ZXQOe:JhiyeB121bYj4eJXRe
                                                                                                  MD5:48D13FDBFA6282B00BC89CD75D8B1AE4
                                                                                                  SHA1:5E5FCA73B0E46386E3F602E118883A9A71BA40DF
                                                                                                  SHA-256:C5EEF450DE14ED6844E7EE8B83563AB9B4E8D5927F946A68D494DAB5D457C67B
                                                                                                  SHA-512:A7012FE2F4ACD07188EB26696D7C0B7166C98FEF146B1B9D1815D8D1DCB5D4F9B422C53B49B797D915B5F91EF0A3D2FF66111959EBB4DAC4345799479E9324A7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30156
                                                                                                  Entropy (8bit):3.636148056219747
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:69op34NNial4VNmWfQKWxFCZ9HVGKkcK0aD0osF1guDPEgG2iN7AC+ml5RsFjHah:69VNiaWgWfYFK/jtFlD8g/sPEkCawgJ3
                                                                                                  MD5:355E49DD1806C6324CA5631B48C88255
                                                                                                  SHA1:DB03E75CD6DFC978BA6C07E626E14E9B11034A1E
                                                                                                  SHA-256:817B449E7632AE08F02008C367939D96C3D1CED6E72967A2E13FB17471CB3D08
                                                                                                  SHA-512:6DF2730EA30A648BB048DF352E6A25083F6972DF5E3FC33F92EEDB1F4D817E8A728878F44CA501CA7E5D92358D3D7EC39432EB7B442616C8CED687B2501E04EB
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):37168
                                                                                                  Entropy (8bit):3.1952168067226396
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:pYRwOoCDWDmjwhOwegx33SVfsMAk4K37+bebePKg:xCqTORm33SdVUK36JR
                                                                                                  MD5:28BBA2D8E46B0AD04EC193DBF5F2774F
                                                                                                  SHA1:9AE4DD4F1E203E9134F0FBCB29F0A805839A5C17
                                                                                                  SHA-256:DB3F03A9C6BF14EBE788D7128B3C682C96FADB70ED21D5520946DF9601082940
                                                                                                  SHA-512:6CFEAC88BED8FD984B5F7D5044D050D47AF17F0BF7BFC14775AD333C7188D2582F03354C63495A7C8B37555166A368EF75DF429CD8E6B4AF73BD0E66ECB10380
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):50460
                                                                                                  Entropy (8bit):3.1845543354088415
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:VWLfp9Tk6jGCOH6WRDSlDaDCP1kgTUOJlo:wjp9Tk6juRDSlDdCn
                                                                                                  MD5:A230684693B3735891F3DE1EDE69931F
                                                                                                  SHA1:5FF126E8F8A1076D910BA94AA31177A2635E17D8
                                                                                                  SHA-256:ECAB178CA7E55B95781BEBCD6FEFFF7CA848BE4E5278EE0BBCEEF5890B67B58A
                                                                                                  SHA-512:9E9BD006EF8FA5E02F1B0A02E33D5575E6D0B6EBBABAFC04A258DA5738106BABF7A687EB83B7938CF4B346E39C02BB53E9A3AC06784CF329B5245115340FB739
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4676
                                                                                                  Entropy (8bit):3.0464251570787098
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:XCdh/EoBD6JFnLrXQs7gMHMoptDNsdAQ5NDRXAYBFZ:y/cynbv1
                                                                                                  MD5:FD85938EBD7AA81F7B02F7D451B2E8F2
                                                                                                  SHA1:7B59B864D85046E60D4692EBCB5151B14C84B033
                                                                                                  SHA-256:120A7C6CB73E2C75D29C2E3E203687AE4880EBF84CB833A220B3DA4BA8FF6059
                                                                                                  SHA-512:46BC926FC478F82B3BE06DE3F5EA0117443EBE61ED7D1D0607F49A8AC7E5A032AB7AD6024E15215FCFEAF1E4368EF0AB5C5873D2A7DA78EE9157538823B2BDFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):50668
                                                                                                  Entropy (8bit):3.404434579828574
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:MDGOqtdbMFA/teMWDevOhxT5MAZGJQtZPP4Nb4KRiJ4kCoGniQ+zCPJcM7LKwZnx:6qtdEA/ISm2AZWqUlkCo2i1hM7Lr
                                                                                                  MD5:C37491D9FF2118CFB27144739B39A3ED
                                                                                                  SHA1:2D6F10F004057D875F12FF62134E6F08971ACC7F
                                                                                                  SHA-256:E6D16965DAC4CC96483310D9BD13FAE67D775911355A48CD56228DC2E62B3C6F
                                                                                                  SHA-512:3164094CE44803BF47C8C08F658C00AA2E15BE43CABF2B5C58B993E67F2F5C1EC772A3F047957B5C3046E55045CD45BCC99A1A6D3CB2409B82FD7CFC2484BA28
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1228
                                                                                                  Entropy (8bit):2.8695573549802735
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:SeaEPwDSEEEEEEEATE7Q1cz3/jt/Kb4yRU5Z/gxz3JDKgdpsbKS/rVvVvEENoZ44:NafKoJ3J142yx7JWgdGKSJ9MRv
                                                                                                  MD5:5C195F4C21696AC584EB3FD461CD9D19
                                                                                                  SHA1:A1266EDD776AF6D48D9CDFF8C9436B7331D0B144
                                                                                                  SHA-256:AD7082E85485D2334E4694ED8E559597E0A96B028739EFD63871F811FF302CE7
                                                                                                  SHA-512:7C9010F6E22B86F8D05D726892262E5EFAC77FD3AF02E5CC8D987144720437A55A743A8AF538D4F72FC200F55622D70AF2E0D023A62A5C3A37DC24A25B945CB7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20300
                                                                                                  Entropy (8bit):3.3643751464569
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:cc2gH1JT0ZaTmDL0VW4e+xYFbkkJ7dYMHzlGNFVfY/CFenJVSVKXNP1H+EL1BmoI:04vaXRz++VkOdYMHoIoS9hBE3p8c
                                                                                                  MD5:F61952729D7A9156CE6D168090CDD8D2
                                                                                                  SHA1:211FE1A6666242132BC5F85DCB45104CB5248CA1
                                                                                                  SHA-256:573ABC9FBCB9721040FC2C8439375EE3F6A65336D69BE22F4F1BAF881E507BCC
                                                                                                  SHA-512:9ED3557DECBA2C3DED68E3FD9C10427700D786099AA7267F1C26D34774AF19CA2356934C7432C5EE6EDAFF352020E90B53317CEBE1880B3DC73DEECB2EDCCBD8
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6480
                                                                                                  Entropy (8bit):3.0407924003698694
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:0VHEUl2Nq9E/N8HEvHJ5g1OqMLCp2NxFg1nN80OVqkKhYvBu/0mvE:9qo8knjzjFen9OAhY8vE
                                                                                                  MD5:965DEA00FB3BF2B7F6EE5FDA96BA5CFD
                                                                                                  SHA1:A05642FEDB88C6A5EF97B69193BEBB7BAC9CC239
                                                                                                  SHA-256:73C4CCE315CCDDC9142E8E25BB6EFBFB9DF5DEF9B77AF1777E01819025D4B46D
                                                                                                  SHA-512:6F4865E71F1C042A5F55C469963907D46245B2EA7D5B04DEA1758964C56474BAC57D5BFABBCDE811C457B1410322887AF480EBF7756F9785F26F0B147D6BB30E
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).........iP....P....................................................f.L.N.alZ2.t.rE......3.........=...................,.......,.......,...9...,.......................(.......(.......(.......(.......(.......(.......(.......<...<.......(...........(...p...........P...........(...........c...p...........................s...............s.......................s...........c...........c...p........... ...........c...0........... ...c...A...S...`...p...S...........S...s.......s...................S...s......................................@...............8.......8...............Y.P.................Y.....:.J...L...:...........@...............8.......8..............._.P................._.........:....+....................@...............8.......8...............].P.................]...........@...............8.......8...............b...................b...........@...............8.......8...............d...................d.....:.:...........@...............8.......8...............
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6068
                                                                                                  Entropy (8bit):3.8828197137637033
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:0aYT/fySwTbTOFPr3/1g0DpKSCtCRba/xbmXByB:WfAutls/Qq
                                                                                                  MD5:470E4F4EC0EF04116B575DB02B90D9DB
                                                                                                  SHA1:4A96CD7A725D5D91F957536B9BBA27BAD580B766
                                                                                                  SHA-256:4E895C7C05BA14A5DA0FB297D38430DC17BC7F0397D0877288F2E70230BC99F9
                                                                                                  SHA-512:148C80E7C755A4852DDBBC89766593A4E603277FB748B34E9C12473581FAEB7E200614792282D9B0DA8AA85E6FA52972AE99035E939B67E15B983673DEF093E3
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......~.iP........................................................`f...R....Z.y}.....,..9..y....K....)...................(.......(.......(...@...(.......(.......0.......`.......`.......`.......`.......`.......`.......`.......(...(.......`.......@...(...........P.......p... ...H...................C...c.......c...c...c...C...........s...s...c.......c...c.......c.......c...c...c.......S...c...S...c... ...S...C...................c.......c...C...c...P...C...c...`...c...C...`...p...c.......c...c...c...c...p...c...p...c...p...c...p...3...C...........................................................@...............8.......8...............0.P.................0...........h...&...........8.......@...............2.P.........................3.......4.......5.......7...#...8........n.pL...........................................`...........8.......@...............:.P.........................;.......<...8...=...<...>...Q...?...S...@...[...A...]...B...............:.d.LM......4....4.....f.L..
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17376
                                                                                                  Entropy (8bit):3.176075720223001
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:XXI6PxQTQRxoIjHIvw5hG1OS7Vs4RRzRdfZXu+iKfWggh5hau:fCB1rs43fZCyXgau
                                                                                                  MD5:A615664F2DD7B11CA4F8DF69BE391E8F
                                                                                                  SHA1:6D7621DB1FE48657444F810DECDF2CCB00E3AC9B
                                                                                                  SHA-256:7E2E880FCF039D68196A41537E90354138C218CD4254157B9155A522CBEBBF8F
                                                                                                  SHA-512:98245923B3E676672D3DCB7CC8EF60A1D0B26CFF7991B20B01154892CB75BAC4E9F53BC6645572EBBAA68FD99C39052C6D3FFEC5A58310A585E00555AC2A72BE
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......].iP.....C...................................................*..."...._V...MI{.,KcC....7u..............2...........................................................................................................................p9......H...........H...........p.......(...........`...........h.......(...p...........H........... ...........0...x...................0...x...........p...........`...........X...........@...........@...s.......s...........s.......s.......s.......s.......s...@...s...`...s...p...s.......s.......s.......s.......s.......s...............`...s... .......C...P.......C...`...#.......#...p.......s...P...s...`...s.......s.......s.......s...`.......................3...................................s........................... ...0...........0...........P...S...........`...........p...........P.......P.......................3...........................S.......S.......s...........S...............................................0...........................
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11528
                                                                                                  Entropy (8bit):3.157184467304232
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:ONomzreNHtJtEnKwmjYJstc/tHfAQ7fzk71lEbBh7eD+aYYZ6B1LPR9mh2aICb3:ONRatTwmS/wAqD+aYcO7MSi3
                                                                                                  MD5:FE067C585523137A51E38280A8905834
                                                                                                  SHA1:CB1F5A40D6A2E877D8EB6DC7C6F9B1D4A3CD6B2D
                                                                                                  SHA-256:EA77E0C7E8F870D136B5B2AAD119B8492DA86862392FC175A1D8829F0320D98C
                                                                                                  SHA-512:8897387E256997C2EAA23A23D41EF6121C9FAE4CEEEEF6DED6F556FFAF7249020C0822A46E7AB07A4B4913B80E15695D668CF0E3D4E4DC47DC0BE9D88B954CF4
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......].iP.....-..................................................8.....^...G.%HQ....Hm<..N.m..e......a...0...............l.......l.......l...}...l.......`.......`.......p.......p.......p.......p.......p.......p.......p.......`...`...X#..p...........X.......H...........H...........8...............h...........h.......x...........P...........X...........S.......S...p...................................p...................................p............................... ...............P...S.......3.......3...@...P...3...`...s...p...........................1.......S...s...s...........s...s...........s...s...........s...s.......P...............................................@...P.......@...........@...p........... ...............@...P.......@...p.......@...........s.......s...3.......3.......s.......................s...........P.......p..........................@.......-.......8.......8.........................................:.....@......./.......8.......8.......................
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16428
                                                                                                  Entropy (8bit):2.9683456688407
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:EmQj/b3f2JAMaIATfTXCjd8JvbIuf3zfAHmXt8pc8OEpWwUyMw7CByn9ULM/Ids3:EmUD+mMaIATfTXCctd8Xuo9UA/IdX
                                                                                                  MD5:67C197E11E7250F543161F092F67FF19
                                                                                                  SHA1:3ABA9D6885CA25C7B19155AE862F9D4379F139DA
                                                                                                  SHA-256:2C9B2457BC69E3E5FCCE08A3526982B870C1C228808A9C87878EBB2D1379127E
                                                                                                  SHA-512:DF04E4B7BF816490A85EE2360F0CE15304DEDB0BE11BDEDBF11F0D3C79E8AB0E1609A3639C425E4F3441AAC8554E46C61E39F6F610C29F3B76B89758165EFE12
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).........iP....,@.....................................................C.B.e;X0.8.c....Je.&..eM.......t.......,...............................{...................................................................................s...s....+......h.......0...x...........P...........(...p...........H...........0...x.......(........... ...x.......(...p...........`...........H...........0........... ...p...........H...C.......@.......................@...P...C.......`.......................`...P.......`...............`.......s.......s.......s.......................................@.......`...........#.......#.......s...s.......s...P...............................s... ...........s... .......s...P...s...0...s...@...s...P...C...s...`...`...C...C...s...`...`...P...#.......s...#...s...`...s.......s...#...#...#...s.......s.......s.......s.......s...s.......s... ...s...P...s.......#...s.......C...s...`...`.............................................................333333..{..G.z8.......E.
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4956
                                                                                                  Entropy (8bit):2.728502033942899
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:GiwOXzKkJs/NqKCi1wHmmJkSxceOlnkGEgdGBLDKcwXQt+tQ1lsUphkT/QvM2U2m:vDKkJslf31wHmukUzBLDKcktIly
                                                                                                  MD5:C07429A790DEDB70A0362591790E2641
                                                                                                  SHA1:B562F585313A4EDC7902706594C614D585976DAD
                                                                                                  SHA-256:FC6A8109F3046C2CEE60DB547824C88F8B948FC302C0A715D64EAAB5F0F68FDB
                                                                                                  SHA-512:6BBA013603C038FF5E60DA4EC92A56DFDE57281417B3C4BF11A90E132CAA641F6800F6ED83A03E3CE0DBD642A7F2783353B5E8EBBEE2FCCB719F33CDBEC2013B
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......c.iP....\....................................................QH..?.K......^e.....{^I...={......)...p............................................... ....... .......P.......P.......P.......P.......P.......P.......P.......(...(.......P...........(.......s...s.......s......................................................@.......#.......8.......8...............|...................|...........@...............8.......8...............]...................]...........@...............8.......8...............d...................d.....:.....@...............8.......8...............c...................c.....:.........8...`...............@...h...................8...`...............(...P............... ...H...x...............@...................0...X...............H.......................................................................Q.t.Q.u.i.c.k...........................Q.t.Q.u.i.c.k...C.o.n.t.r.o.l.s.................................Q.t.Q.u.i.c.k...C.o.n.t.r.o.l.s...P.r.i.v.a.t.e.
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):21068
                                                                                                  Entropy (8bit):3.1631162192275823
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:LoAqwMCoXoz9kGyy04HVxSw0679FenoC9oek9yt94ELRIdsY:sAqwMCukzadWS4ECx
                                                                                                  MD5:BCFEF2B29BA433247BD37585949D517B
                                                                                                  SHA1:A337A9BBC9A0757474F6B5B30B03021560E63000
                                                                                                  SHA-256:021229D5C40AB77DEE4235F495E181674E9E4A9795D9DA10E14B8DFC9F1EB875
                                                                                                  SHA-512:F19C13227AD37AFAD067C1CF2BDA51D9781BE783D41F213148DEDF8759428C6638E0E8059F0C3331607CF2BD8CBA5379447763C4FE7DDD86508A8C5ED01E9AED
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......P.iP....LR..................................................ba.Q.....!......WFd..o..|:.............H!..J........... ....... ....... ....... .......P.......P.......p.......p.......p.......p.......p.......p.......p................A..p...........X...........`...............(...x...........`.......0........... ...............X...........@...........@...........8.......h...............X...........8...........8...........8...........8...........H...........h....... .......P.......`...........X...........P...........@ ... ... ..c...p...c...p.......................................................@.......................................................`.......s...S...S...........s...S...S...........s...C...........s...C............... ....... ...C...#.......#.......S...#.......#.......................................................................................0...............0.......@.......`...............................0.......................3...........c...0...#...c...
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1372
                                                                                                  Entropy (8bit):2.952951593183533
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:NggkzGW3KCiotj3JLjCd3YM2/qgdGKS9hiMLteYX:Q6Ci4jJLjCdoZ/qgdGB97LtF
                                                                                                  MD5:2719521A37EEBBF4614C16515FA4F6C8
                                                                                                  SHA1:6067D0728B03E0754EAF6E92769FB5AEBDA6B7C3
                                                                                                  SHA-256:3D340F5271DE661A6ADB05356A3680F78172F9119AA056F663D5FBD13F3765C1
                                                                                                  SHA-512:BC54A828BCE1F19DAF0198A22C5D66DBD62C8028A3D4B123001AE1DA814B474A1077892B353EF3AFBF02E33DF5174C5178493B2702FF23865FA112709C8FB734
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......l.iP....\...................................................V.../I`A....6....PaO...UG...{:..........p...............................................................................................................................................`...S.......@...............8.......8...............V.P.................V.........:.....................................(...x...............8...h...................................................................Q.t.Q.u.i.c.k...........................Q.t.Q.u.i.c.k...C.o.n.t.r.o.l.s.................................Q.t.Q.u.i.c.k...C.o.n.t.r.o.l.s...P.r.i.v.a.t.e.................................B.u.t.t.o.n.............................b.u.t.t.o.n.............................s.t.y.l.e...............................e.x.p.r.e.s.s.i.o.n. .f.o.r. .s.t.y.l.e.................................S.e.t.t.i.n.g.s.................................s.t.y.l.e.C.o.m.p.o.n.e.n.t.............................T.o.o.l.B.u.t.t.o.n.S.t.y.l.e...q.m.l.......H...
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):14524
                                                                                                  Entropy (8bit):2.9404134904344024
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:28go7WxSP8LMHpm45eensgBV5lDPreZYJLQktV:fgzxohzD5lDTeWtV
                                                                                                  MD5:DF914E17ECE93B189C0F1302AD2F38D9
                                                                                                  SHA1:610C0ADC69DA604C28F42A15CC8581528BE9EE77
                                                                                                  SHA-256:0EF134B25FCA17142DC42031DBF7078032FD0F5D7139597ED621DAC5F7737C93
                                                                                                  SHA-512:A158327AC0A7CFCF661130C170278040B1A7B8D2522512BB1A93A30AEC9D32F42D9F66483F56952575182D4BFC424FA5F4310602B6BFD4719FD84E00192B2D72
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......!.iP.....8..................................................qZE}..WiM.mp.X .|.!.YH..6`....%.....f.......#...........................................................................H.......H.......H.......H.......H.......d...d....%..H...........8...........(...x...........X...........@...........8...........P...........`...........X...........X...........`...........H.......S.......c...S...........S...........S...........S.......#...S.......S...S...........S........................................................... .......0...C...S.......`.......................p...............@.......P...............................p...............................0.......0.......@.......P...........@.......P...................0.......................................@.......P............... ...3...S.......@.......P.......S...`...S...p...@...................................S...`...S...p...........`...p.......#...0...........................................................................
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4164
                                                                                                  Entropy (8bit):2.8950062331040836
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:X7GMUgBd3pJFIE7ELti8ybInkH4oOkQEgdGBOJ+yy0rg2jjlrk0S:X0gLZJ77EI49QBKf04xkX
                                                                                                  MD5:C7039A09CDECC43D932BD9136048C245
                                                                                                  SHA1:26EDDEDA3E7CB4C8918F3C20E7A768DB0E4CBBAD
                                                                                                  SHA-256:C0875F02BE9F878F26424A6B5DA3591C437480D1B38B8D6D3E97282987103E84
                                                                                                  SHA-512:8A19E65FBF74BB95F1D1CD50068089AD3CA5639489A6DFC25219933EF9F8F946EEB46F8910E8DDB64C86A93F2E95736636A55F6A475FBB508E699C5C4AD4679F
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......!.iP....D...................................................5.(.......$...G.&A...TBr.....9......%...................................................\.......`.......p.......p.......p.......p.......p.......p.......p.......$...$.......p...........X...........0.......c.......c...........3...3...3...3...s...................S.......3......................@...............8.......8...............;.P.................;.....:.L...:.:.H...........@...............8.......8...............6.P.................6...........@...............8.......8...............7.P.................7...........@...............8.......8...............8.P.................8...........@...............8.......8...............9.P.................9...........@...............8.......8...............4.P.................4.....:.....@...............8.......8...............A...................A.........:...."....................@...............8.......8...............@...................@...........p...............
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12560
                                                                                                  Entropy (8bit):3.0318477296842987
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:9xZOHqWZDZU7rAJ5PbIn4Bf3gHmQG82EUfWzoZnSQ722TaBtmSIUR2VkfjxMi:L0HFZ9U3I5K2ZD8mYRY8H
                                                                                                  MD5:AA1B879736E224D550C09EED542AB32F
                                                                                                  SHA1:6FAD50A39A57EFE56DE7E066C3B9F738B3667FA3
                                                                                                  SHA-256:C007D82B2283408EB84B243BEDC50712E4B1DC162BB03AFD12D66A39C3B9DFA4
                                                                                                  SHA-512:662EDEB7000128F3B2FE081D8117839F555D3CF715DA7ABF983F0C0139D1B30C1CCBA23F8BD45044F2A171D3A406B940246557CFA84F2CC42C118A24B3D8BBD5
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......S.iP.....1....................................................9.=..V#. .8Z.1.}<(^.'..C.........e...................l.......l.......l...M...l...............................................................................d...d....#......8...............X...........H...........P...........(...p...........P...........0...........8...........8.......................................S.......S...0...S...P...#...........s...........#...............s.......................s.......S.......S.......................p.......s.......s... .......S...c...s.......p...c...s...........c...s........................................... .......0.......s...........s.....................@..............E.................333333..{..G.z8.................@.......4.......8.......8.........................................:.....@.......6.......8.......8.........................................:.....@.......8.......8.......8.........................................:.....@.......9.......8.......8.......
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):26720
                                                                                                  Entropy (8bit):3.273564498575007
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:MOQp3vVaVp94XEnLEtc/V0BhUHUV6mHLA/KZkSGcLWenAqdA4VFa6P1rXGjBq:M1daVj6mL9mZVbHXfxt6I
                                                                                                  MD5:E35DB2F6285599D217FE8CE62F10A053
                                                                                                  SHA1:B8F1383EF324C13FE4A92F6E55282486EE85AE43
                                                                                                  SHA-256:C915646DFECCE08DBF064625C9FAF7FA6109DAF250C494437CDEDA33E6A63ED9
                                                                                                  SHA-512:7AAE74E77A28F095D3AA3F1B72BE45954085899798B14C39CE1A7853120029C96770C87B9663955C2DE11AB555DB6A67F940AF61D07F557EB1C1E50B72D8AA6F
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......0.iP....`h....................................................D.C.#j....#..3...XU.......n.........'..D...............................g............................................................................................Z......@........... ...p...........P...0...x.......(...........X...........h...........p.......8...........@.......h.......P.......0...........h.......`.......H...H...............8...........X...................( ... ..`!...!..."..(#..x#...#..0$...$...$..H%...%...%..H&...&..s...c.......0.......c...`.......................`...........................................................................................................3.......3... ...3...0.......@...s...............Q...............`...........`.......c.......p.......................................................c.......................c....................................................................... ...........@.......................`...........................................
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):26720
                                                                                                  Entropy (8bit):3.273564498575007
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:MOQp3vVaVp94XEnLEtc/V0BhUHUV6mHLA/KZkSGcLWenAqdA4VFa6P1rXGjBq:M1daVj6mL9mZVbHXfxt6I
                                                                                                  MD5:E35DB2F6285599D217FE8CE62F10A053
                                                                                                  SHA1:B8F1383EF324C13FE4A92F6E55282486EE85AE43
                                                                                                  SHA-256:C915646DFECCE08DBF064625C9FAF7FA6109DAF250C494437CDEDA33E6A63ED9
                                                                                                  SHA-512:7AAE74E77A28F095D3AA3F1B72BE45954085899798B14C39CE1A7853120029C96770C87B9663955C2DE11AB555DB6A67F940AF61D07F557EB1C1E50B72D8AA6F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12584
                                                                                                  Entropy (8bit):3.0850224374445347
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:PpzeepvmnMIGGjYQHqtXYazn7W2ESAkflG:PFeYNrW/faza2ES38
                                                                                                  MD5:471608A469CA40701EE3503ED8E557E6
                                                                                                  SHA1:693BA9944606108488C09D4A64BCE5E982977201
                                                                                                  SHA-256:E44BE2B3BA56AF4B5C156D55BD27C0DB1756FBD7E67E2CBB2AF9421F7FC6FF7C
                                                                                                  SHA-512:29FD13F4F0CA329105526CE27920BC972014C45BF91DD777731C527229FA7C0BF49C0E6816D440FFB769A8CF38830E4F37ECEECB309E678ACC8F2ADECC1A7AA4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9708
                                                                                                  Entropy (8bit):3.184623355941739
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:zbvTR7kvp9JliVdDIH8HVe2Do8htFqsnhehhUuXsFhiScphNk+tl+L2yl4naz:zLTR4bDiM3m3hesjiScbW+uHz
                                                                                                  MD5:C6F12BC4C43F9A2117E731A3F74DB115
                                                                                                  SHA1:1129825312AD913154F5C651F2D3858FBAB8FE18
                                                                                                  SHA-256:9405F4D55F1464BD9FCD65C2B69D84CE22FA1844DF8125DD8FE54683A5F63F5B
                                                                                                  SHA-512:BC33870C2F0AA94BE3E90DEE0C53E4DEF19E695B5A141DEE95E64613D29F6AF2C5FE4AFFA4B8577CC763BFCE9835E59F543A85F1EE415D184AF5AD59D91F1442
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2196
                                                                                                  Entropy (8bit):2.917099219044313
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:vNkKY6mf9sFIGa4NYqDMGliapMtEgdGKMBHqvMdLHWe99AEPGnmpvN/2e21e6l:vN0f9sFMmHlfMtEgdGhBFDj2mpvR2PH
                                                                                                  MD5:1A02F8A23D0952A3EC78BA589DCC8C4A
                                                                                                  SHA1:D30DC69DB0A77E4EFDDEE614FDC2C68B66F2648E
                                                                                                  SHA-256:FB7063C6AAC0376783BCC6228C95A1394424F6BF61001F5E634FCAD2500D4500
                                                                                                  SHA-512:B3901552AF15450F5D2EC45D93A9E992EC0ED2F8E188799CA30E4079F24514BF1D71756490FB1F7A870E47753ABD374DA4819767D961BDF77516994BD593EBAE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):14760
                                                                                                  Entropy (8bit):3.2645090444783005
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:hPww8+p059/aI8tcAow5JfhqxMUbbvSyfYbaA/ieKkPKuzKUt:hPww8+G/u2gJ66NzKUt
                                                                                                  MD5:91C2B29BDCEEA5ABD7DF1F114744ED1E
                                                                                                  SHA1:F5E255D77C834EE1BC3CC952A21345BE1C904FEC
                                                                                                  SHA-256:BE3B6F494E3C5A46BF183A559C7E2C0D268C9BD701AEF2EAF8DD883EA794BA6D
                                                                                                  SHA-512:2C70BE10C30E4C086459B2A6F1EECAD8B784F8971F75B5FC591AB19F8FFF63BD92A9C646CBBE462DCDD006A28EEACF3025E2DA826F795346AB302F4D35687081
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1012
                                                                                                  Entropy (8bit):2.8860425078641154
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:asLiWssssssp+V3Jb/gdGKSR9aMkQNMR1:a4iH1JLgdGBNkQyj
                                                                                                  MD5:F4891BE6F13D77F1E7197919DAFD97F0
                                                                                                  SHA1:D2E68D9CC209A00AC28A9F1FBAF2CD05B8CDB8FB
                                                                                                  SHA-256:CEEA5556A1C95B60201BE946295A81FA22AC4BAC666CAA9669EE4F333FFFEE14
                                                                                                  SHA-512:D144CCA07B7707456245EDE348339985A0DBFCFE54035C1AA2749054BBA85C84188ACEF35CD1C98527716EF8DA974368136E6FF94E663C9E7EC4D075378C4897
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):33244
                                                                                                  Entropy (8bit):3.3962493375497824
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:z625Y0DP10wXllWmk5p9E6KnEGnf8Ck9zCwj9YtQRsIl0:GmYOJlUpgf8/0UHsT
                                                                                                  MD5:61DF8BD12D7C9CCDC09E99DA71C9C6AB
                                                                                                  SHA1:81C3494989C89D19897A26057AE3021E80C5AA9F
                                                                                                  SHA-256:06A587F93B9E44A2DDD6765905E4BEEDF72E7BB3A2D1DC868112CF6CB84467C7
                                                                                                  SHA-512:EBE2ACAE76D6B12C5FB1AD022032B8D9B5360340D7D6F8C8D06FD19E2FBC68BDE07F30D5C63423BB04FDF4DDCBAE04F6081AD136117CEA7DCD90F84D43E4182B
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).........iP.........................................................N)Q.[K..j.LLJ..,...ZB......@........../..J........... ....... ....... .......$.......p.......p........................................................................p...... ...........0...........H...........H.......P.......H...............8...........h...........H...................H.......8........... ...h...........h.......@...........`...x...........( ..p ... ..0!...!...!..`"..."...#..X#...#...#..X$...$...$...%..8&...&...'..X'...*..p*...,...-..P-..x...@/.../..........c...........c...................................s...#.......................s...s...........p...s........................... ...................................0.......................................!.......c...............................................!.......c...........................s....................... ........... ....... ...............c...............Q...................................................0.......S...............
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6680
                                                                                                  Entropy (8bit):3.1030620076365634
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:8g4awvbuGFJcjg98dXv54Ou1J1IT2/m2lL67XU8N2N46To2MykBTFoYrfj:8vawjZF2hubyA3vSfj
                                                                                                  MD5:5BFC88567E6E5E489E167A0C8F8BCA67
                                                                                                  SHA1:7A67EBC1D28A572C0AD3AB99851D0F6D07D3909F
                                                                                                  SHA-256:E6CB0CD3B106BD8103FC8AB3E645C5C257562F9C24B3EDE0E9A61FCCE92AC574
                                                                                                  SHA-512:F378BE28CC21E70E3146923E38E1B0234B53A68070A8FD5005479690008EA4D8C433780A8C2B2BF680F1123EC511B75B60D0F9B19D5AFE95673CC857D9C15C00
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).........iP.........................................................w...#..P.%.......e.|9<..{.m,.c....>...x...............(.......(.......(...*...(...............................................................................=...=...x.......0.......H...........0...........@....... ...c...c.......................c...............0...c...@...S...S...........!...c.......!...c...p.......c.......c.......p...........c...........................c..................@................@...............8.......8...............................................H...............8.......@...............r.P.........................s.........:.................p...C...........8.......H...............{.P.................................|.......}.......~...1.......@.........pL......2...........0.................................................@...............8.......8.................P.......................L...:.H.......@...............8.......8.................@.......................0.....@.......
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4168
                                                                                                  Entropy (8bit):3.2993996576009175
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:wuowF4iziGhoEeyKaHSXBCqZOsiuRaKd6Iaa6M8gdGBi8XK3yz:xowWiziGhc3ayxCSNRaKd624Bi8XD
                                                                                                  MD5:6AB8342F9F4E950A0B5CC834351E1B7E
                                                                                                  SHA1:CF01A4D3702014073CF2592A7A8832C1D9555DA5
                                                                                                  SHA-256:A363967F8D5566BC8953F7EB411D90064641AA91572F24F1AC80F26571586036
                                                                                                  SHA-512:1B37AE48019F0075C9143F41983876DF9F60BFED9986B137C58536874A0034211DF357219F962EADE149F76EB9A9081CBDFFDF5EF9C23B6619C70A85517F339B
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......M.iP....H...................................................b..TU...Rzfd.....V.D...;.@..`.....).......................................&...................................................................................(...(...........(...p...........C...C...`...C...p.......................C...........S...C...........C...................................S...C.......S....... ...0...S...@...`...3...p......................@...............@... ...........8.......8...............T.P.................T.....L...:.....h.L...:.:.H.........@...............8.......8...............m.P.................m.....:.....@...............8.......8...............y.P.................y.....:.....................8.......8.................P.............................................+.......?.......C.......K.......^.......{.......}...................................................................................................N...D.....:.:....4............h.L-.....:.:.d.L ..:.....4.......h.L..
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7864
                                                                                                  Entropy (8bit):3.363535345479313
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:JmoTh7M7Ulcrhg/kyJONZjKccnDpgTy2NVe7VPazeIxfV/TmV/P/u+Xavn47ALBi:o6h4IwOkpjeVPoBVSVHBXQ4crMH
                                                                                                  MD5:1513F8429FBE9FEB34AB8782F27567A5
                                                                                                  SHA1:77B3EEE1179825E77FC9F2D980A95FF154C734DE
                                                                                                  SHA-256:B3517718FC1C00AAEB17B81088ADD97896B2A011B9B40A5EA60C5D23A872676D
                                                                                                  SHA-512:6ED40A6C68F420693DE2BAE20077EF8938E5BF84D32AAE8B9CF6D4E7189798E38DAE4CBA8070FF4F94DC2A5A10C6CEB88D72C96CA3A9897866278CB220FE4747
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).........iP...........................................................z....?......#...V..h...m>:D....K...................(.......(.......(...p...(...............................................................................J...J...........X...........P...........h...............P...#...3...3... ...C...3...3...@...3...3...P...3...3...`...........s...p...s...........s...........`...s.......`...3...3................... ...s...S........... ...P...@...`...s............... ...#...@...........s...3... ...@.......s... ...@...0...s...@...s... ....... ...@.......@...S...................s...`...s...@...s.......@.......A...s...@...s.......@.......A...s... ...@...0.......s...........s...........s...........s...s...`.......S.......3..................@........@...............8.......8...............7.P.................7.........L...:.H..|........@...............8.......8...............8.P.................8.........L...:.H..|........@...............8.......8...............9.P.............
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1220
                                                                                                  Entropy (8bit):2.907540725255318
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:4b+fK93w31adZ2yx7jgdGKSR9ag1y0fwp:4ygqQD2yx7jgdGB5N
                                                                                                  MD5:606C720693EBA7607784C02C773522D3
                                                                                                  SHA1:50C4EF28D26C053FF3A9C4CC3C3B18ED54319334
                                                                                                  SHA-256:4EF7B5305DF72F282FBBCD6258455862CD8D5C460B558D42BF872E8CE9E16E1E
                                                                                                  SHA-512:D660FE954C179121D8EF2A62B1D9751E203B64B36532228DD982085264560C9C59BF66E6657601407DDED9C40F6BEA9ECE208F91FBCCBF64857C08388FCE2F85
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).......D.iP.........................................................]...y..^.7j.....Bl.9.q..Xh.-..........H...........................................................................................................................................@...............8.......8.................P.............................p...............8...`...............0...........................................................Q.t.Q.u.i.c.k...........................Q.t.Q.u.i.c.k...C.o.n.t.r.o.l.s.................................B.a.s.i.c.T.a.b.l.e.V.i.e.w.S.t.y.l.e...........................r.o.o.t.................................T.a.b.l.e.V.i.e.w...............................c.o.n.t.r.o.l...........................e.x.p.r.e.s.s.i.o.n. .f.o.r. .c.o.n.t.r.o.l............................._._.c.o.n.t.r.o.l...........X...................f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)./.D.r.i.v.e.r.H.u.b./.Q.t.Q.u.i.c.k./.C.o.n.t.r.o.l.s./.S.t.y.l.e.s./.B.a.s.e./.T.a.b.l.e.V.i.e.w.S.
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10652
                                                                                                  Entropy (8bit):3.0697655865136904
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:aCJWpqunp9Qn06jsu6VJzzRk7f+J/Nps5eIx/sdxs6jO7FvLxFg1nfMLlsgZ+74R:aCa9LSsu6bHehqyvtFenb2GYatLK9
                                                                                                  MD5:3395081B89E62C55D152835C80E65C69
                                                                                                  SHA1:65D62B8968B343C497C28562DA8329113DA2FF75
                                                                                                  SHA-256:0D45CDF46535E88AEB40BB1B1E4BF5289784C7CB57C2282047CE7C8B43D3C749
                                                                                                  SHA-512:C3B26B80A8F2658165DF11F9C664103DBE17850E55D0EBEC7357D526F5B720E7C048F3F7B259B52D4565506F45C004713F2E161B12907DEE42AB3C1D19125C43
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).........iP.....)...................................................B..{J2.|ez...;.}......,...C.......e...................L.......L.......L...V...L...............................................................................a...a...0!...... ...p.......0.......0...........`...........8............... ...h...........@...................#...#.......#...#...................................S.......................................................................S.......#.......0...C...s...P...s........... ...................S.......s.......................................s.......s.......................s.......s...................s...................s......................................................@...............8.......8...............1.P.................1.....:.J...:.......@...............8.......8...............9.P.................9.....L...:.H.......@...............8.......8...............:.P.................:.....L...:.H.......X.......*.......8.......@...............
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):708
                                                                                                  Entropy (8bit):2.7531736703431644
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:cvWeXEEEEEEEAR1cv5KgdpsbKS/rDlMcEfEEoF:cv7pRPgdGKSlc8LF
                                                                                                  MD5:64F3E31DAD0A789A2311CC89B292A9D1
                                                                                                  SHA1:A4E72C0423598E4F925FA49B04A0F6B9BBD5548E
                                                                                                  SHA-256:8672F464D6187CB733F9453F72D91666C196388470AE74D1D395715850CD768A
                                                                                                  SHA-512:48A92BDCDD86D6664C1B7F01E66AC886108DEC1F45409D9E95A50DDA74E49136DA8B598FA895F9CF457F60C3CB724841C815B51E06698DAB813B77F27B47A871
                                                                                                  Malicious:false
                                                                                                  Preview:qv4cdata).........iP...........................................................b.B2../riE.=$....X*..3.(..X........................................................................................................................................@...............0...X...............................................................Q.t.Q.u.i.c.k...........................T.e.x.t.............S...................f.i.l.e.:./././.C.:./.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)./.D.r.i.v.e.r.H.u.b./.Q.t.Q.u.i.c.k./.C.o.n.t.r.o.l.s./.P.r.i.v.a.t.e./.T.e.x.t.S.i.n.g.l.e.t.o.n...q.m.l...............(.......................)...,.......................T...T...T.......T...T.......T.......T...*.......T.......T...........
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3900
                                                                                                  Entropy (8bit):2.9720764854572126
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:9accwixqG/Urx8K4DR1mI9R8pna9EJqeAjIOuTHA1q3qLUahglElgdGKS6dtj281:vYD/GML9enxM8HA17ngdGB6n/SVv6
                                                                                                  MD5:875CC60187CF48F43757B0478CF83943
                                                                                                  SHA1:C8E40D03A3F01E7431916155018245F2822FF85C
                                                                                                  SHA-256:6CB3FA8DC8F810B4019987191AE6B5B74C3D73E7E9B77EEB07352865D7C65DF4
                                                                                                  SHA-512:7AAA89D3B94B45D561A696BDE3D93F078D80AE68289767064E4374CD4A6E5437C02F34D8559EA331EE4C12C37011A6C783B52CF0354BD1CA3BEF4C757CE77234
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):21572
                                                                                                  Entropy (8bit):3.3218501570572356
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:NJL3SfXxFjAfBOsGe3a2rxgGUTu9Hf6D+HJB8jf+FroEm+PlzUEyLP:NVSxFwU29gnTwfbDdUP
                                                                                                  MD5:ABE02819ED8BC2E18D507E4A959B9AAE
                                                                                                  SHA1:D02B7AEE8091E4B3A5FB4CE4475FADA725053FA9
                                                                                                  SHA-256:84A7A9CBE2B8014FEFC66C3223267BF4FDD96BF850806E4F3FE29E378CBDB83B
                                                                                                  SHA-512:DECDBE2106479C7FD49288808A9418FC055F3D2517155EFC0CCE3CCF00C2EC38F4206186019A0A36292BCA1E7AAE9B618289EC2C9911875BC30A0C46B838A9F8
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9652
                                                                                                  Entropy (8bit):3.1511355429650663
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:aQQg2LyDk4ilDItq3zphgnoRYPqC7izxj:HSxRgP/mj
                                                                                                  MD5:902F22E2F5767EDD19B589D89B380C01
                                                                                                  SHA1:949C8DD8516A84E21C2D0C381CF724C1555BE44B
                                                                                                  SHA-256:9FC0FD87CA9E317A3C3789131C89B7AF4C98BF452543D8E1DD8C589EAB522B88
                                                                                                  SHA-512:A9DF429CA666E57B6B1AC38A2A9277518410B6C22427D5FF5150D63CD34BFD05B102A136343702626AF006F5D74F0E31A8D97C6DB7A7543A218EF8E951044C01
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):14912
                                                                                                  Entropy (8bit):3.1564580875097517
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:MVqA+MnHbasDhU0MfNfwwziiGsqjmH1VnMmA5bTNwFvFeig/uX:clJhU0mNfT4bTNwFvjgO
                                                                                                  MD5:889B50EBF23B6E856D1EB1D6514D0CB7
                                                                                                  SHA1:7D9C84A4991F2A62B15EC50C362DFF906D318A90
                                                                                                  SHA-256:B9468F45BFED9FA96AB91DCAEA800F9D97BEE1A0AA659055AC73D06C368D20F6
                                                                                                  SHA-512:477A93EEE1CB7DB7C390053CBFEC5B640E8E2B499DF47564E10EBA689832290A140458FC9852DB3527D6A2293EBECC4895B3D32B72CB5DE4BC17D56DF30C3BFB
                                                                                                  Malicious:false
                                                                                                  Process:C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1970
                                                                                                  Entropy (8bit):5.344777542675608
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:MxHKlYHKh3ouHgJHreylEHMHKoe8mHitHo6hAHKzeeHxWH3:iqlYqh3ou0aymsqlCtI6eqzjRWX
                                                                                                  MD5:95806B89011F6C796628076C6DD4807D
                                                                                                  SHA1:B15686142623415C6DC356670D3985E00D1F7E6E
                                                                                                  SHA-256:418D0A0A1F11A98FC9EA60FB6FE3B63222A2925EDDFC89A7E18243F5FBB78415
                                                                                                  SHA-512:0BAE06784D34A48AD443A6223959708AC03611C7F24707969D7A4599818E1DA64A3A6786FD46384792804EB746E46F92D94EF7B8529C938EA5279D42DF01EB1D
                                                                                                  Malicious:false
                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):49120
                                                                                                  Entropy (8bit):0.0017331682157558962
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:Ztt:T
                                                                                                  MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                  SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                  SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                  SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  File Type:JSON data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1486
                                                                                                  Entropy (8bit):4.391174552396646
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:YPiRyiRAS3RH4rRUtRCRMR6mR9R5DR3RoRY+RWEIiRGiRCR8xRbRIjRuAcBpDRJq:YqRyiRhRYRUtRCRMR6mR9R5DR3RoRJRk
                                                                                                  MD5:3E3283BC47087F6CC0A0CC646DAF3EEE
                                                                                                  SHA1:83B9EF448D9B3410EEA8CCF8CB05B072C2E9D61E
                                                                                                  SHA-256:B589C9957F93FAC1E6DF3279F64995910921B6732E546F7A83B4358C3CEA81FE
                                                                                                  SHA-512:A405FB0CCCF965D6DF40E977BD9E2D38D08E2A5B8D0B2F8EF91D2BB1227CB68CB3A81661C79AC25FB9B49CEE646BE51DEBE4B111E40CA247FD2409B2E63844E7
                                                                                                  Malicious:false
                                                                                                  Preview:{"features":{"01979299c8cd":{"state":"enabled"},"13e025f64bd6":{"state":"disabled"},"13eeaf851da7":{"state":"enabled"},"1ad69b007ce5":{"state":"enabled"},"1c4dddb65bac":{"state":"enabled"},"1d24dceb937a":{"state":"enabled"},"278deecb29a1":{"state":"enabled"},"2c1429a5a72e":{"state":"enabled"},"3389f6c15eb9":{"state":"enabled"},"40db6e644d2c":{"state":"disabled"},"50796754ffc7":{"state":"enabled"},"5448a57d6689":{"state":"disabled"},"54726ed4401e":{"state":"enabled"},"56d717ae3ad6":{"state":"enabled"},"5a28d66c82cd":{"state":"enabled"},"603cade21cf7":{"state":"enabled"},"654296fe9d6c":{"state":"enabled"},"7e93fef4a11d":{"state":"enabled"},"818c3ef12d0b":{"state":"enabled","dna_filter":{"required_dna":["64336fb81a04836eb8108d24fbca3aa3682db0a5"],"forbidden_dna":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"]}},"8511df77ed15":{"state":"enabled"},"88edd7903398":{"state":"enabled"},"970fe421a344":{"state":"enabled"},"9ec4e68ae70a":{"state":"disabled"},"b2a2a32b832b":{"state":"enabled"},"b77514
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:HTML document, ASCII text, with very long lines (380), with CRLF, LF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5392
                                                                                                  Entropy (8bit):5.010250088104232
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:j/kv8Z257+SOaZoYi45iPunYPh+KNVcXCYks:ji80OIgYoJXs
                                                                                                  MD5:2C9729B902464EB5D1B7CB9BADE8876F
                                                                                                  SHA1:11EAC63CAC0BBC84E4A7ED1285E55FC93E0AB57F
                                                                                                  SHA-256:5B564DB32C70FC423D94381DB25F088720689EA6D93F7D97E36271DC4DD1B716
                                                                                                  SHA-512:D7BA48D9279579F41DEFFABB0763585ECF33A91DDD9FD60B6BED443C55FB41AA4861BA63FB54D6911833E10ACCC0A57BC541DA4AE036271A380C16E020A58D11
                                                                                                  Malicious:false
                                                                                                  Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <title>Avast Free Antivirus</title>.. <style type="text/css">.html {.. font-family: sans-serif;..}..* {.. box-sizing: content-box;..}..body {.. margin: 0;.. padding: 0;.. background: #ffffff;.. color: #37474f;.. font-family: "Roboto", sans-serif;.. /*font-size: 1em;*/.. font-size: 15px;.. font-weight: 400;..}..html, body {.. overflow: hidden !important;..}...clear {.. display: block;.. clear: both;.. font-size: 0;.. height: 1px;..}..ul, ol, li {.. padding: 0;.. margin: 0;..}..ul, ol {.. padding: 15px 0;..}..li {.. list-style-type: none;.. margin-bottom: 5px;..}..li:last-child {.. margin-bottom: 0;..}..p { margin: 0; }..a,..a:active {.. color: #2b76c1;.. text-decoration: underline;.. outline: 0..}..a:hover,..a:focus {.. color: #225f9b;.. text-decoration: none;.. outline: 0..}...container {.. /*position: relative; */.. /* left: 50%; */.. /* right: 50%; */.. /* margin: 0 -400px; */..
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 310 x 310, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12664
                                                                                                  Entropy (8bit):7.964654581482677
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:KgMHj/MJ89mWXxFxbi8mqxUQPS2GazkqHaKi70hG:jMI23hFxbi8DPjzkq6Kct
                                                                                                  MD5:C30F11F25AD96508053C19338005B7CD
                                                                                                  SHA1:051FACB8B0BEE4B92770FF86E06FFA92A8D14A06
                                                                                                  SHA-256:9F692C39DD5C8E5C302953419266072AB8F78FBA9207630D93D19A04D34B964E
                                                                                                  SHA-512:8AD8F7ACC643172BF78A904B4ECEEFDDA5F427C335935B1E7CA67D3FE5FFC528C64390C74461A01B9657C5FE03DF95E1B7A0A00F39E1F82886D4356236CB70CA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 346 x 319, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):28748
                                                                                                  Entropy (8bit):7.980678917738332
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:MFQN7q8MMskPoqqCNp8fIZvq39gRLAXjXWOZTT5:MFQQwFwCNs0qNgRLmjGOZH5
                                                                                                  MD5:76BE1548DF3BAE224BAD7FE05A693D69
                                                                                                  SHA1:AC28ED1573C24D71D086CAFB83A08DD46EF142FF
                                                                                                  SHA-256:3DFA32B234CACE5FEFA9EC1DB883A56EA677DDD28E7082477BA425AD08BB4562
                                                                                                  SHA-512:4F6D16BD7B25CAA78C258B2D476F2428B0BE15D0C98F6F4A85DD77438F21A1F384ABB4DAE5FDF23A77289D355A158B43C62F85B3AFF22543F454BE5909AF22D5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):39523328
                                                                                                  Entropy (8bit):7.999763070846584
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:786432:kA4DO4PO8xlm00lwMAGar4z4OpgndoQ0WmPQ1s3BeBplQ:hID0lwvr4MAgdodI1s3Q3lQ
                                                                                                  MD5:9D86BDCA52ACA8A8DF30AB7D207A44CD
                                                                                                  SHA1:E3EAE542B6DDBAEF018BD620F6C5A1629298775B
                                                                                                  SHA-256:7625E07F30131A2B3DACA28BA44DEC590A6787E819DFB087E0A9979B48D4FE66
                                                                                                  SHA-512:D5F6BE3F463F11C97976FAFBAC79E5FAFBB15AC55CFEFE791DE326762E2A2A4ECDA5B79351B2ADF13F592B473953433B9CA1219D516F14A796E7B9A7378B28FA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PNG image data, 310 x 310, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5597
                                                                                                  Entropy (8bit):7.930864219078105
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:YUazc+n309EQzae59JS5h7BTfJf9dT0hnRH6zZbzK4o0/SGM1ys8LT76b+wTFz3W:wzf3+dnfJSn1TfJFdYhnRHMZXjSJ1Y2W
                                                                                                  MD5:6DA02DC09567A47EE1F17792580ABF35
                                                                                                  SHA1:2F23D346836398E9395A842799DB6DDEF341EEEF
                                                                                                  SHA-256:FEB90D443AF4ACB95CCC58DE38E9022345D2CBE3DBE38A18034F0E30C4BBDE89
                                                                                                  SHA-512:E8888166F82AFE7A18D3644C26E3D2DFBEAF08F8CD6DD0DC35B6A6F8AF9E4C3D80EA09BE5868CCEB1C05BD165897F6C741DA765CE533A63CE6919E447CF8DCED
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:HTML document, ASCII text, with very long lines (473), with CRLF, LF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5450
                                                                                                  Entropy (8bit):5.022951393170709
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:Z/kv8Z257+SgaZoYi45iPunYPh+KN7ceMy1N/Kf8/omJ:Zi80gIgYoJJ1hKOomJ
                                                                                                  MD5:5EDF2551C2B8429DBE05F6BA36A31192
                                                                                                  SHA1:FE23515BF0675FCD7318A0BB4BFB5ECDB74945A3
                                                                                                  SHA-256:49EF03BDB84772838CAC904F5BF47B2336173D897BE70D401CFB592AA7EFF9E1
                                                                                                  SHA-512:23DFBD984A7F8526B6E817F78CB13E5FD3135049B131D3E3AB65A8E4ACBD575DC3F1CD5D0C87FE032AF0300BDE0C12F89131717AAF31C61B9D6264AE5DC942F9
                                                                                                  Malicious:false
                                                                                                  Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <title>Opera GX</title>.. <style type="text/css">.html {.. font-family: sans-serif;..}..* {.. box-sizing: content-box;..}..body {.. margin: 0;.. padding: 0;.. background: #ffffff;.. color: #37474f;.. font-family: "Roboto", sans-serif;.. /*font-size: 1em;*/.. font-size: 15px;.. font-weight: 400;..}..html, body {.. overflow: hidden !important;..}...clear {.. display: block;.. clear: both;.. font-size: 0;.. height: 1px;..}..ul, ol, li {.. padding: 0;.. margin: 0;..}..ul, ol {.. padding: 15px 0;..}..li {.. list-style-type: none;.. margin-bottom: 5px;..}..li:last-child {.. margin-bottom: 0;..}..p { margin: 0; }..a,..a:active {.. color: #2b76c1;.. text-decoration: underline;.. outline: 0..}..a:hover,..a:focus {.. color: #225f9b;.. text-decoration: none;.. outline: 0..}...container {.. /*position: relative; */.. /* left: 50%; */.. /* right: 50%; */.. /* margin: 0 -400px; */.. width: 800px
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:HTML document, ASCII text, with very long lines (644), with CRLF, LF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5688
                                                                                                  Entropy (8bit):5.0217824583912805
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:u/kv8Z257+S2aZoYi45iPunYPh+KNacTgJpJ:ui802IgYoJpgHJ
                                                                                                  MD5:2E76FAC32AA18021DA91DDA6B231C28A
                                                                                                  SHA1:A3EB5C2BC9694103078B27ED86D050750427CF58
                                                                                                  SHA-256:3AE498C63B05F331018CF85DC7ECAE59CBE94B9D2AEB8DC7B4D74C9258D4F56C
                                                                                                  SHA-512:EC1EAD02554BB5FEA773A361FFA0DE7B9C50770C3DBD06AD884D1A3687BEB172A1C01C921C8EF6D0B3E0BC4123932969F26782ED3D2041463F596DB5ADCC46B3
                                                                                                  Malicious:false
                                                                                                  Preview:<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <title>Secure password manager</title>.. <style type="text/css">.html {.. font-family: sans-serif;..}..* {.. box-sizing: content-box;..}..body {.. margin: 0;.. padding: 0;.. background: #ffffff;.. color: #37474f;.. font-family: "Roboto", sans-serif;.. /*font-size: 1em;*/.. font-size: 15px;.. font-weight: 400;..}..html, body {.. overflow: hidden !important;..}...clear {.. display: block;.. clear: both;.. font-size: 0;.. height: 1px;..}..ul, ol, li {.. padding: 0;.. margin: 0;..}..ul, ol {.. padding: 15px 0;..}..li {.. list-style-type: none;.. margin-bottom: 5px;..}..li:last-child {.. margin-bottom: 0;..}..p { margin: 0; }..a,..a:active {.. color: #2b76c1;.. text-decoration: underline;.. outline: 0..}..a:hover,..a:focus {.. color: #225f9b;.. text-decoration: none;.. outline: 0..}...container {.. /*position: relative; */.. /* left: 50%; */.. /* right: 50%; */.. /* margin: 0 -400px; */.
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):39523328
                                                                                                  Entropy (8bit):7.999763070846584
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:786432:kA4DO4PO8xlm00lwMAGar4z4OpgndoQ0WmPQ1s3BeBplQ:hID0lwvr4MAgdodI1s3Q3lQ
                                                                                                  MD5:9D86BDCA52ACA8A8DF30AB7D207A44CD
                                                                                                  SHA1:E3EAE542B6DDBAEF018BD620F6C5A1629298775B
                                                                                                  SHA-256:7625E07F30131A2B3DACA28BA44DEC590A6787E819DFB087E0A9979B48D4FE66
                                                                                                  SHA-512:D5F6BE3F463F11C97976FAFBAC79E5FAFBB15AC55CFEFE791DE326762E2A2A4ECDA5B79351B2ADF13F592B473953433B9CA1219D516F14A796E7B9A7378B28FA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6731168
                                                                                                  Entropy (8bit):7.179773604335789
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:pZxBCZ6666666666666666666666666666666x666666666666666fwwwwwwwww0:quEfslZkbdnq215vi3wxSjGs2CRDw8fI
                                                                                                  MD5:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                  SHA1:578EA8B4BD0BBD32114BFD61910118C3D9CFC355
                                                                                                  SHA-256:8A82AE5C857123CC6972B93828F3A6202C0DB4D325EA6D5B1E36DCFB290C1E09
                                                                                                  SHA-512:23470D0AA5989132EFA1FCD4B1D183374384E3B75249910C08E22D2FEDF315F084028B7299D6F6C0A5230B2EC78179485D0F187D0A87F710D25F1EAC81939E47
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  File Type:ASCII text, with very long lines (1852)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6604
                                                                                                  Entropy (8bit):5.815516419162585
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:gJpgbCzTWLyAe5HGTnMBXnmhEJpgbpEzYwS8LeIS/GKSoabQzrwNvs:afYyfRG7MBXnBbLrOkkrwZs
                                                                                                  MD5:659351D1D60C1848B732ED3E3835CB99
                                                                                                  SHA1:7E3AB6377239F4FF58BE56BB9F5E57E708DDBFC8
                                                                                                  SHA-256:16AB776E0D856F7A8A1C762559CC6D77D06BD5EF8DFC0501FB62B4CF64FDA8F9
                                                                                                  SHA-512:0B0D5FC4CA00C2FF445D16B0A6AEEEEDDE12FAD2D0A53A0007B3188FED47D9B79038C3FFFF976979F417B88409C363DC17567BD0EDF4AD7DEEDD627F282E3E64
                                                                                                  Malicious:false
                                                                                                  Preview:[0814/062426.843:INFO:installer_main.cc(475)] Opera GX installer starting - version 112.0.5197.60 Stable.[0814/062426.843:INFO:installer_main.cc(478)] Command line: "C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe" --silent --allusers=0 --server-tracking-blob=NmJhMTgyZTY5ZGVjMmQyOGI4OGE4ZjU4ODc2ODc0MjIzYThiNDg4OGZiZGRhZmNhMmY3NTI0MzFjMjk5NmYzODp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNV8zODQ5JnV0bV9pZD1kOTIyYTUyOTdlM2I0M2Y3YjA3ZWUwZWFiNThlYTc0MCZ1dG1fY29udGVudD0zODQ5X29wZ3g1IiwidGltZXN0YW1wIjoiMTcyMzYzMTA1OC4yNzkxIiwidXNlcmFnZW50IjoiRHJpdmVySHViSW5zdGFsbGVyLzMuNC4yMCIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9VU19QQjVfMzg0OSIsImNvbnRlbnQiOiIzODQ5X29wZ3g1IiwiaWQiOiJkOTIyYTUyOTdlM2I0M2Y3YjA3ZWUwZWFiNThlYTc0MCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImMzOGRjYTVlLTQ5NzU
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  File Type:ASCII text, with very long lines (1817)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3252
                                                                                                  Entropy (8bit):5.768241502084519
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:9bbFlbTN6QMQ8XbiSLA0qAmhYlJpURbjVEb6GYlySHcNt3cVbLf3FpVb9VbODVbd:pMBXnmhEJpgbpEzYwS86ia/fgQ+P
                                                                                                  MD5:D782D0A3232CB64398CD3893006EFDEA
                                                                                                  SHA1:1E160F49A45412D3FA1FF87761750629270856BB
                                                                                                  SHA-256:2823C806D7E51F3D8E6BEED14E643E8E7C1E239000E478E331E181860A8CC0AB
                                                                                                  SHA-512:C64BE097AE0C7B72A2F2367DAA82450F43027998BA6B66752975F7AB9A8ECB4A6557BD5551A04239EAC4FCD6DD3A0AE9D32DC23865706682A4EA93019621D444
                                                                                                  Malicious:false
                                                                                                  Preview:[0814/062432.433:INFO:installer_main.cc(475)] Opera GX installer starting - version 112.0.5197.60 Stable.[0814/062432.433:INFO:installer_main.cc(478)] Command line: "C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2132 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240814062430" --session-guid=57a9a656-01e5-401b-ad20-50424dccb7f4 --server-tracking-blob=MWU4M2E0MTFmY2E4ZWJlODYwMGQ0OTFhNzZkNzg4ODYxODcyYzVhYzI5YWM2NzRkNzczO
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6731168
                                                                                                  Entropy (8bit):7.179773604335789
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:pZxBCZ6666666666666666666666666666666x666666666666666fwwwwwwwww0:quEfslZkbdnq215vi3wxSjGs2CRDw8fI
                                                                                                  MD5:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                  SHA1:578EA8B4BD0BBD32114BFD61910118C3D9CFC355
                                                                                                  SHA-256:8A82AE5C857123CC6972B93828F3A6202C0DB4D325EA6D5B1E36DCFB290C1E09
                                                                                                  SHA-512:23470D0AA5989132EFA1FCD4B1D183374384E3B75249910C08E22D2FEDF315F084028B7299D6F6C0A5230B2EC78179485D0F187D0A87F710D25F1EAC81939E47
                                                                                                  Malicious:false
                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....I.f.........."......P...8b..................@...........................f.......g...@.....................................P.........a...........f..)....f.d7...................................`...............................................text...8O.......P.................. ..`.rdata.......`.......T..............@..@.data....5...@......................@....tls.................L..............@....rsrc.....a.......a..N..............@..@.reloc..d7....f..8...Tf.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):249584
                                                                                                  Entropy (8bit):6.638738315559828
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:3eJbDwLibLaZ/S91gxiJPU3qtmQv2cthYSdqMREwPLr6VsOWPGWynVFBQMeJquuS:3kDOZargxSHmQv2+B9EwCzBQMeQwqO7
                                                                                                  MD5:2BA68B0B5DA36C0641EA0BE5322AE747
                                                                                                  SHA1:F9564F10629E5776B9F59972DF66F21420EBACFB
                                                                                                  SHA-256:48754253066B5E258DAB77174F321267B1B18A190F59BAA6FB87807943FB77D1
                                                                                                  SHA-512:BE33E720DB0BFCA8C50C716DF10E1D48E9B094D2E5624385284061D5B60C4F4958328439AF9A467B03030FE0DCB0B922BDA607C485BC48185370C70496954882
                                                                                                  Malicious:true
                                                                                                  Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........M..]M..]M..].'.]F..].'.]..].'.]U..]...\_..]...\[..]...\O..]...\}..]D.}]L..]D.m]B..]M..]...]D.z]L..]...\@..]...]L..]M.i]O..]...\L..]RichM..]........................PE..L......f.........."......,...~...... ........@....@.................................S.....@.......................................... ..............H....*..............p...................0........^..@............@......,........................text....*.......,.................. ..`.rdata......@.......0..............@..@.data...8...........................@....didat..P...........................@....rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3277888
                                                                                                  Entropy (8bit):7.960438631718816
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:mVAbw8VyRPkVwSdyKE6a8anqApzEVZnk8m0Uf89+zvi1QXsy4TpM+DWUl+n1asoF:iA7VyRPS7MLq4ykF09+riyXWz6Har
                                                                                                  MD5:62633678215EE32B3609D9755F84B71B
                                                                                                  SHA1:B50C025D9B57D7D5BBE92969B6879F60E20596D4
                                                                                                  SHA-256:25BFE9B29B915087AB8763D8FBA82B825496D7314C001135F5CFEB384E507F12
                                                                                                  SHA-512:770B3C1E0F7F26E1E5B0545F8C4B8F2BBD3C968FF0DE6BA6C4060607F27D7DF9A45B405333C37D5731ABF41FDEA2A3E9745FA3F192B4320AA4F14161DE8EC39E
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N....m...m...m..A....m..A....m...._m.....m.....m..A....m..A....m...m...m....\m....X..m...m0..m.....m..Rich.m..........PE..L....if...............'.....j....................@.................................l42...@.................................H...d.......L0............1..,...@...1...C...............................C..@...............0............................text............................... ..`.rdata..z...........................@..@.data....K..........................@....rsrc...L0.......2..................@..@.reloc...1...@...2..................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13853648
                                                                                                  Entropy (8bit):7.995252036325378
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:196608:oRjgvJ2flpQcIIS/Rj7BWl+aV8t8z72BxBwBgO42BE6+2DQlMp1sHW5ZDmCCM0Xr:IgRIlptVYmfr7yBG/4pXMHsHW76CsGE
                                                                                                  MD5:9882A328C8414274555845FA6B542D1E
                                                                                                  SHA1:AB4A97610B127D68C45311DEABFBCD8AA7066F4B
                                                                                                  SHA-256:510FC8C2112E2BC544FB29A72191EABCC68D3A5A7468D35D7694493BC8593A79
                                                                                                  SHA-512:C08D1AA7E6E6215A0CEE2793592B65668066C8C984B26675D2B8C09BC7FEE21411CB3C0A905EAEE7A48E7A47535FA777DE21EEB07C78BCA7BF3D7BB17192ACF2
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.u.'.u.'.u.......u.....[.u.....?.u...v.4.u...q.4.u...p...u.....".u....6.u.'.t.v.u...p.l.u....&.u.'..%.u...w.&.u.Rich'.u.........................PE..L......Z.....................v......m.............@..........................p......!.....@..............................................;...........;..8(...0...=.. t..T...................tt......@n..@...................$........................text.............................. ..`.rdata..............................@..@.data...@...........................@....wixburn8...........................@..@.tls................................@....gfids..............................@..@.rsrc....;.......<..................@..@.reloc...=...0...>..................@..B........................................................................................................................................................
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6204832
                                                                                                  Entropy (8bit):7.19676202349907
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:o6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwt:SuEfslZkbdnq215vi3wxSjGs2CRDw8fS
                                                                                                  MD5:1E6485E90130BB0CFFD2AE2CA7FEF2A2
                                                                                                  SHA1:B9C01FDDB3921B6F56D8D774EB0364F7024428E8
                                                                                                  SHA-256:907CB59383443CE62FDCD2EB90E4BF32CF3A0DE6078E708F694DFC7BD7166B5B
                                                                                                  SHA-512:E28EC73E1465591827F092B71AB740A8DE0B7FFCF5AF0B3E4C1C8BE37F16F1A87AE4FDFE23C25A305741A5AAF30FD2AAB77F55061EB729F0DC5E64AEF3DD6527
                                                                                                  Malicious:false
                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....I.f.........."!.....@5..<).....0.&......................................P`....."._...@A.........................I=.m...|I=.......?.0.............^..)....^.......=.....................0.=.....8W5..............T=.4....H=.`....................text....?5......@5................. ..`.rdata...g...P5..h...D5.............@..@.data.........=..@....=.............@....rodata......p?.......=............. ..`.tls....].....?.......=.............@...CPADinfo0.....?.......=.............@...malloc_h......?.......=............. ..`.rsrc...0.....?.......=.............@..@.reloc........^.......\.............@..B................................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6204832
                                                                                                  Entropy (8bit):7.19676202349907
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:o6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwt:SuEfslZkbdnq215vi3wxSjGs2CRDw8fS
                                                                                                  MD5:1E6485E90130BB0CFFD2AE2CA7FEF2A2
                                                                                                  SHA1:B9C01FDDB3921B6F56D8D774EB0364F7024428E8
                                                                                                  SHA-256:907CB59383443CE62FDCD2EB90E4BF32CF3A0DE6078E708F694DFC7BD7166B5B
                                                                                                  SHA-512:E28EC73E1465591827F092B71AB740A8DE0B7FFCF5AF0B3E4C1C8BE37F16F1A87AE4FDFE23C25A305741A5AAF30FD2AAB77F55061EB729F0DC5E64AEF3DD6527
                                                                                                  Malicious:false
                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....I.f.........."!.....@5..<).....0.&......................................P`....."._...@A.........................I=.m...|I=.......?.0.............^..)....^.......=.....................0.=.....8W5..............T=.4....H=.`....................text....?5......@5................. ..`.rdata...g...P5..h...D5.............@..@.data.........=..@....=.............@....rodata......p?.......=............. ..`.tls....].....?.......=.............@...CPADinfo0.....?.......=.............@...malloc_h......?.......=............. ..`.rsrc...0.....?.......=.............@..@.reloc........^.......\.............@..B................................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:ASCII text, with very long lines (321), with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16359
                                                                                                  Entropy (8bit):5.514729515585539
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:IxL7BnZ1J131c1Q1/19161CEAt1qwygk+28M25FkF433IRNwVgB:IxL9xEAtNko/WyIRNYgB
                                                                                                  MD5:A6788CBE956A738231D55D5A89F9D9CF
                                                                                                  SHA1:0A6B5B9B4A3AFECFB5E216D5FF712408C7775255
                                                                                                  SHA-256:453FE887401D5FBC2EBBED581BF5981648F773A4DD157E6CF5A7C2C40D8D8642
                                                                                                  SHA-512:59D361E56081219D7C8AF388F8AE7D560E980B2E2C327312090474DB7A63D2F3619DC4AD800BB6DCC56E21C10636487872482A7C4BD789AC2D381130DDD6D83F
                                                                                                  Malicious:false
                                                                                                  Preview:[08FC:0C2C][2024-08-14T06:23:24]i001: Burn v3.10.4.4718, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe..[08FC:0C2C][2024-08-14T06:23:24]i009: Command Line: '-burn.clean.room=C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe -burn.filehandle.attached=524 -burn.filehandle.self=532 /quiet /norestart'..[08FC:0C2C][2024-08-14T06:23:24]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe'..[08FC:0C2C][2024-08-14T06:23:24]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\AppData\Local\Temp\DriverHub\'..[08FC:0C2C][2024-08-14T06:23:25]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20240814062325.log'..[08FC:0C2C][2024-08-14T06:23:25]i000: Setting string variable 'WixBundleName' to value 'Microsoft Visual C++ 2015-2022 Redistributa
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):146616
                                                                                                  Entropy (8bit):3.834278353544204
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:yv3qPTskCSfhjQHSLgI97JAA5rLYy6KW3MLBmGh/M/1p9QjtzggggggggggkBDdm:yaHjtzggggggggggkBDdoLAa6wh8gtp
                                                                                                  MD5:E05FDDDBF2553CCA0002FE9028BB0B0D
                                                                                                  SHA1:D51F106C45B9A6F92D8B541B82BC59D0E368C5AA
                                                                                                  SHA-256:EE1F4CCD7576DC56FC0C5A1DCBB3660443D789DE0BDD9939549EB511CC58FD34
                                                                                                  SHA-512:38D0D79DEE19A18EBF9417BBDBAECDB97FC84BC72B0BB1D7FD5E04EB0669F9EEA4A1C99ACCF0A084D096DB117523134E9B92CCED017B810103E74FA3FAE8CA65
                                                                                                  Malicious:false
                                                                                                  Preview:=== Verbose logging started: 14/08/2024  06:23:42  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe ===..MSI (c) (64:04) [06:23:42:027]: Resetting cached policy values..MSI (c) (64:04) [06:23:42:027]: Machine policy value 'Debug' is 0..MSI (c) (64:04) [06:23:42:027]: ******* RunEngine:..           ******* Product: C:\ProgramData\Package Cache\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}v14.38.33135\packages\vcRuntime
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (411), with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):146838
                                                                                                  Entropy (8bit):3.827415676012418
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072://ZjDTxHLL0NjjFttqIJ2f5MLV125abk55ugX2:pjO
                                                                                                  MD5:DAB64604F00CCB3B97FA1BEC0E55B821
                                                                                                  SHA1:004413278DB4BC38CFD51DC2D05B9C9F1D10812B
                                                                                                  SHA-256:61A9B104662C2D5466880FA9C401963033BEF545AFA38277FDA60E55A8FA31C6
                                                                                                  SHA-512:5AAFC84E6D08F4BC3B66D0C4C1262C83F26ACC2629D2A36930CA63D7B631C6E198915E0578DDC51DDF097A73F7B195F81C82C35411D932DB179ECE9794F1B8AD
                                                                                                  Malicious:false
                                                                                                  Preview:=== Verbose logging started: 14/08/2024  06:23:45  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe ===..MSI (c) (64:BC) [06:23:45:058]: Resetting cached policy values..MSI (c) (64:BC) [06:23:45:058]: Machine policy value 'Debug' is 0..MSI (c) (64:BC) [06:23:45:058]: ******* RunEngine:..           ******* Product: C:\ProgramData\Package Cache\{9C19C103-7DB1-44D1-A039-2C076A633A38}v14.38.33135\packages\vcRuntime
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3785
                                                                                                  Entropy (8bit):5.452175995249886
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:NphdhMID2Dtn11l1L1o1U1b1h1G1p4qhnZhC0heYe:qZtn11l1L1o1U1b1h1G1W
                                                                                                  MD5:379E8985F1D89BC5003E3338370FD7D3
                                                                                                  SHA1:9278E7C6FAA747AF4596153C598ED327BDDBB903
                                                                                                  SHA-256:3E94933015718ED4C3D1F1DC381357DE3B1F6001C0D43722E387104018407703
                                                                                                  SHA-512:10988B35A64CDEAAF9E6DA57B1D220F5117CBCD9BA3435674C6B780B4FA0C67D4E2D11019EBCC41A79C1DF840952DEF1A914EC358B264B074DBD12C29AB9BD99
                                                                                                  Malicious:false
                                                                                                  Preview:[0C2C:08FC][2024-08-14T06:23:55]i001: Burn v3.10.4.4718, Windows v10.0 (Build 19045: Service Pack 0), path: C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe..[0C2C:08FC][2024-08-14T06:23:55]i009: Command Line: '"-burn.clean.room=C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.filehandle.attached=564 -burn.filehandle.self=556'..[0C2C:08FC][2024-08-14T06:23:56]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_x86_20240814062356.log'..[0C2C:08FC][2024-08-14T06:23:56]i000: Setting string variable 'WixBundleManufacturer' to value 'Microsoft Corporation'..[0C2C:050C][2024-08-14T06:23:56]i000: Setting version variable 'WixBundleFileVersion' to value '14.38.33135.0'..[0C2C:08FC][2024-08-14T06:23:56]i100: Detect begin, 10 packages..[0C2C:08FC][2024-08-14T06:23:56]i000: Setting version variable 'windows_uCRT_DetectKey' to value '10.0.19041.789'..[0C2C:08FC][2024-0
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18415
                                                                                                  Entropy (8bit):4.043868285184243
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:Haz4aHQbC6dBCLCNavmu6OqSPEmmVUJ9etKL5W2cBxGC4iSM0fvJ9seyryH1mqGI:2yk/RF8e7GWU2
                                                                                                  MD5:2B063D92663595DFE4781AE687A03D86
                                                                                                  SHA1:0FB582E756DBC751EA380593AC4DA27DDB4EBB06
                                                                                                  SHA-256:44C76290F7A2E45940E8338912FEB49BCF4E071CFA85D2D34762857743ACBC8D
                                                                                                  SHA-512:94C8FDA6173C7F5740F206190EDCD1F1F1C309596B710D400E23CD363A619D707A5D4576D4FE63AB7CB68947F009EFD29A1FBE04743A294698BF2AE17E92C214
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT \f1\'dc\'9b\'f3\'77\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2015 - 2022 \f1\'88\'cc\'d0\'d0\'eb\'41\'b6\'ce\f0 \par..\b0\f1\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'ca\'c7\'d9\'46\'d3\'c3\'91\'f4\'c5\'63\f0 Microsoft Corporation (\f1\'bb\'f2\'c6\'e4\'ea\'50\'82\'53\'c6\'f3\'98\'49\'a3\'ac\'d2\'95\'d9\'46\'d3\'c3\'91\'f4\'cb\'f9\'be\'d3\'d7\'a1\'b5\'c4\'b5\'d8\'fc\'63\'b6\'f8\'b6\'a8\f0 ) \f1\'d6\'ae\'e9\'67\'b3\'c9\'c1\'a2\'b5\'c4\'ba\'cf\'bc\'73\'a1\'a3\'cb\'fc\'82\'83\'df\'6d\'d3\'c3\'ec\'b6\'c9\'cf\'ca\'f6\'dc\'9b\'f3\'77\'a1\'a3\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'d2\'e0\'df\'6d\'d3\'c3\'ec\'b6\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'84\'d5\
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2980
                                                                                                  Entropy (8bit):6.163758160900388
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOtMes9T/JhDXsA9EHSniarRFeOrw8N3mZNNTN2N08CEjMUWFPmDlTKJKy2:uDiTlFrDDsA9tfHP8+8nhM0WamzqDFqD
                                                                                                  MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
                                                                                                  SHA1:974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
                                                                                                  SHA-256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
                                                                                                  SHA-512:676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13234
                                                                                                  Entropy (8bit):5.125368352290407
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:T7wfl7OGpX5a5HEgQ2psch5jotXxEvH++3kamdyjCrDZugDHgbGNl86NhrYGY9D2:Yfl7O5ocINaHmjI44fUixAvOwwrJ2
                                                                                                  MD5:E7DC9CA9474A13FA4529D91BCD2AB8CC
                                                                                                  SHA1:511F5DE8A99C09EC3766C5E2494A79EACCA261C8
                                                                                                  SHA-256:503C433DCDE2F3A9E7D388A5FF2B0612E7D8F90F5188D5B2B60228DB33044FDE
                                                                                                  SHA-512:77108E53CD58E42F847D8EF23A07723C4849DC41DBE1C3EF939B9170E75F525BEC9D210D6C1FBFEB330ECE2E77B8A8E2808730D9E6F72F5B3FE626D58B6068C6
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 LICEN\f1\'c8N\f0\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\f1\'c8NOSTI MICROSOFT\par..\f0 MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Tyto licen\f1\'e8n\f0\'ed podm\'ednky p\f1\'f8edstavuj\f0\'ed smlouvu mezi spole\f1\'e8nost\f0\'ed Microsoft Corporation (nebo n\f1\'eckterou z jej\f0\'edch afilac\'ed, v\~z\'e1vislosti na tom, kde bydl\'edte) a v\'e1mi. Vztahuj\'ed se na v\'fd\f1\'9ae uveden\f0\'fd software. Podm\'ednky se rovn\f1\'ec\'9e vztahuj\f0\'ed na jak\'e9koli slu\f1\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\f0\'ed odli\f1\'9an\f0\'e9 podm\'ednky.\par..\b DODR\f1\'8e\f0\'cdTE-LI
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3333
                                                                                                  Entropy (8bit):5.370651462060085
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOtesM6H2hDdxHOjZxsaIIy3Iy5sDMN3mkNFN7NwcfiPc3hKPnWZLF0hKqZ:uDiTlVxxHOy/9xXfpZJYnL8xK2S
                                                                                                  MD5:16343005D29EC431891B02F048C7F581
                                                                                                  SHA1:85A14C40C482D9351271F6119D272D19407C3CE9
                                                                                                  SHA-256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
                                                                                                  SHA-512:FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive | /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12392
                                                                                                  Entropy (8bit):5.192979871787938
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:N6AY7JCc/2WVJtntrUqMmvuUh+mxYpnY4+ZqDe6mUZaEzYNvQ8yOejISRC4WL32:PUw2lSSssWVzOHyOejIS/22
                                                                                                  MD5:2DDCA2866D76C850F68ACDFDB696D6DE
                                                                                                  SHA1:C5076F10B0F0654CDE2C990DEEB2772F3CC4844B
                                                                                                  SHA-256:28F63BAD9C2960395106011761993049546607F8A850D344D6A54042176BF03F
                                                                                                  SHA-512:E3A3693B92873E0B42007616FF6916304EDC5C4F2EEE3E9276F87E86DD94C2BF6E1CF4E895CDF9A1AA0CAC0B381B8840EEE1F491123E901DEE75638B8BC5CE1B
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil Tahoma;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT-SOFTWARE-LIZENZBEDINGUNGEN\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Diese Lizenzbestimmungen stellen eine Vereinbarung zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem ihrer Affiliate-Partner) dar. Sie gelten f\'fcr die oben angef\'fchrte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\b WENN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, VERF\'dcGEN SIE \'dcBER DIE NACHFOLGEND AUFGEF\'dcHRTEN RECHTE.\par....\pard{\pntext\f3\'B7\tab}{\*\pn\pnlvlblt\pnf3\pnindent360{\pntxtb\'B7}}\
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3379
                                                                                                  Entropy (8bit):5.094097800535488
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOZuesXJhDEVTORNxSMoZN3mteNSiNGNsZuiAXEqicMwhPXbhu9KwKlK8Kq:uDiTl3N7xSbu0N8+AhSNnm
                                                                                                  MD5:561F3F32DB2453647D1992D4D932E872
                                                                                                  SHA1:109548642FB7C5CC0159BEDDBCF7752B12B264C0
                                                                                                  SHA-256:8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
                                                                                                  SHA-512:CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12349
                                                                                                  Entropy (8bit):5.108676965693909
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:7Jja9NaNbUmVao9L5EOMjWghxjUSeuDSej2:dj84gmVz9EDjW8GSZC
                                                                                                  MD5:A6E352E5804313CCDE3E4D5DDDDE122D
                                                                                                  SHA1:834E3AAA07DC675589A9E5FCD23CE5586C2739E8
                                                                                                  SHA-256:5C13A65870D770D1642A4259EECB436257CA39016A0500F747BE9C79BE0C7009
                                                                                                  SHA-512:6578AC6467F61930BC1B20E404441725C63790C65AEC1ACE297429EAD15F50E68D5FE9CC1451AC86AE23DC1A7FE967650166293010D687785FB81FB4492B87C4
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\fbidis\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil\fcharset177 Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\ltrpar\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Les pr\'e9sentes conditions de licence constituent un contrat entre Microsoft Corporation (ou en fonction de votre lieu de r\'e9sidence, l\f1\rquote\f0 un de ses affili\'e9s) et vous. Ils s\f1\rquote\f0 appliquent au logiciel vis\'e9 ci-dessus. Les termes s\f1\rquote\f0 appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\f1\rquote\f0 autres termes n\f1\rquote\f0 accompagnent ces \'e9l\'e9ments.\par..\b SI VOUS VOUS CONFORMEZ AUX PR\'c9SENTS TERMES DU CONTRAT D
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3366
                                                                                                  Entropy (8bit):5.0912204406356905
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlO1BesgKLhD1K8cocDSN3m4NlN2ZfNmXL8ePZFcZkLPqUf9fQKRLKeKqZfj:uDiTlABzH1/qt4qgcXY
                                                                                                  MD5:7B46AE8698459830A0F9116BC27DE7DF
                                                                                                  SHA1:D9BB14D483B88996A591392AE03E245CAE19C6C3
                                                                                                  SHA-256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
                                                                                                  SHA-512:FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive | /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11440
                                                                                                  Entropy (8bit):5.037988271709582
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:HJdZDQX6UXR2+5AkgS/PhdzerS8QGowHV66zdgkycjGCDLQ+n3YJ258FSiej4LaW:7azAUd+RrR5jjPLQY3YJTSjk42
                                                                                                  MD5:BC58AD6ABB16B982AEBADC121B37E706
                                                                                                  SHA1:25E3E4127A643DB5DB2A0B62B02DE871359FAE42
                                                                                                  SHA-256:70ECF23C03B66A2B18E173332586AFA8F00F91E02A80628F4F9CB2521E27F6AC
                                                                                                  SHA-512:8340452CB5E196CB1D5DA6DBB3FA8872E519D7903A05331055370B4850D912674F0B6AF3D6E4F94248FE8135EB378EB36969821D711FE1624A04AF13BBE55D70
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 CONDIZIONI DI LICENZA SOFTWARE MICROSOFT\par..RUNTIME MICROSOFT VISUAL C++ 2015 - 2022 \par..\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario. Tali condizioni si applicano al software Microsoft di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, tranne se accompagnato da condizioni differenti.\par..\b QUALORA IL LICENZIATARIO SI ATTENGA ALLE PRESENTI CONDIZIONI DI LICENZA, DISPORR\'c0 DEI DIRITTI INDICATI DI SEGUITO.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3319
                                                                                                  Entropy (8bit):5.019774955491369
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlO1eesy+hD9BOtBFv5Vo8BbQhMNDJN3msNlNohNNz+wcPclM+PAoYKp+K/u:uDiTlfQvo8WutJ/s9FHNOJp
                                                                                                  MD5:D90BC60FA15299925986A52861B8E5D5
                                                                                                  SHA1:FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
                                                                                                  SHA-256:0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
                                                                                                  SHA-512:11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive | /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30228
                                                                                                  Entropy (8bit):3.785116198512527
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:I6ZzmL3hCm2AivEiTsk3H1DjM3Lm4nVsO4Uy9C0QueLJkEBN7VvfNSqkO+0TU7B9:VArCQx/2LLW7//72
                                                                                                  MD5:47C315C54B6F2078875119FA7A718499
                                                                                                  SHA1:F650DDB5DF2AF2EE7555C410D034B37B9DFD055B
                                                                                                  SHA-256:C3061A334BFD5F02B7085F8F454D5D3D97D477AF14BAB497BF31A7887BC90C5B
                                                                                                  SHA-512:A0E4B0FCCCFDD93BAF133C2080403E8719E4A6984237F751BD883C0D3C52D818EFD00F8BA7726A2F645F66286305599403470F14D39EEDC526DDE59228A5F261
                                                                                                  Malicious:false
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3959
                                                                                                  Entropy (8bit):5.955167044943003
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:uDiTlDuB1n+RNmvFo6bnpojeTPk0R/vueX5OA17IHdGWz:5uB1+gD1DU4EdGE
                                                                                                  MD5:DC81ED54FD28FC6DB6F139C8DA1BDED6
                                                                                                  SHA1:9C719C32844F78AAE523ADB8EE42A54D019C2B05
                                                                                                  SHA-256:6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
                                                                                                  SHA-512:FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ............ ......... .........................
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):28393
                                                                                                  Entropy (8bit):3.874126830110936
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:CuQibAmua4XatV1pMxlD1xzjxsZmfmzw4ezN7RQjyeqCBS96My7yNRylDSFrQv90:n4atZClDFsZuheqooMerJlQq/
                                                                                                  MD5:641D926354F001034CF3F2F3B0FF33DC
                                                                                                  SHA1:5505107FFF6CF279769A82510276F61EA18637AE
                                                                                                  SHA-256:3D4E9C165CBEAB829D608106F0E96450F839FFA8ADBD755F0B51867E89DA2AE0
                                                                                                  SHA-512:B0339664434B096ABC26D600F7657919EF3689B4E0FDFD4EDD8E479859A51EF51BE8F05FA43E25567FFD6C1C2BCC6EF0D7A857B6D666D264C7783BAD3A383D0E
                                                                                                  Malicious:false
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3249
                                                                                                  Entropy (8bit):5.985100495461761
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlO4TesKOwhDNJCkt1NhEN3m/NFNkbKNdExpVgUnqx6IPaRc0KoUK9TKz0KR:uDiTlUJJCsgqf6YVoz4uU5vI54U5TY
                                                                                                  MD5:B3399648C2F30930487F20B50378CEC1
                                                                                                  SHA1:CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
                                                                                                  SHA-256:AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
                                                                                                  SHA-512:C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive | /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13352
                                                                                                  Entropy (8bit):5.359561719031494
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:Pd0SEvKJ7P9yEw1VAOV/sHm/Iznc2wf6w2:8Jf/sHmAzcaX
                                                                                                  MD5:F140FD8CA2C63A861D04310257C1B1DB
                                                                                                  SHA1:7BF7EF763A1F80ECACA692908F8F0790A88C3CA1
                                                                                                  SHA-256:6F94A99072061012C5626A6DD069809EC841D6E3102B48394D522A0C2E3AA2B5
                                                                                                  SHA-512:A0BD65AF13CC11E41E5021DF0399E5D21B340EF6C9BBE9B1B56A1766F609CEB031F550A7A0439264B10D67A76A6403E41ABA49B3C9E347CAEDFE9AF0C5BE1EE6
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 POSTANOWIENIA LICENCYJNE DOTYCZ\f1\'a5CE OPROGRAMOWANIA MICROSOFT\par..\f0 MICROSOFT VISUAL C++ \f1\'8cRODOWISKO URUCHOMIENIOWE 2015-2022 \par..\b0\f0 Niniejsze postanowienia licencyjne stanowi\f1\'b9 umow\'ea mi\'eadzy Microsoft Corporation (lub, w zale\'bfno\'9cci od miejsca zamieszkania Licencjobiorcy, jednym z podmiot\f0\'f3w stowarzyszonych Microsoft Corporation) a Licencjobiorc\f1\'b9. Postanowienia te dotycz\'b9 oprogramowania okre\'9clonego powy\'bfej. Niniejsze postanowienia maj\'b9 r\f0\'f3wnie\f1\'bf zastosowanie do wszelkich us\'b3ug i aktualizacji Microsoft dla niniejszego oprogramowania, z wyj\'b9tkiem tych, kt\f0\'f3rym tow
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3212
                                                                                                  Entropy (8bit):5.268378763359481
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOPesar4hDo7zGriQjDCN3mDNN0NrsNGl3vxkIP2hUdKLK0KbK4n6W0sfNM:uDiTlusPGriQw8n2rOij4JsU
                                                                                                  MD5:15172EAF5C2C2E2B008DE04A250A62A1
                                                                                                  SHA1:ED60F870C473EE87DF39D1584880D964796E6888
                                                                                                  SHA-256:440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
                                                                                                  SHA-512:48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalator [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Instalator . Pomoc</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [katalog] - Instaluje, naprawia, odinstalowuje.. lub tworzy pe.n. lokaln. kopi. pakietu w katalogu. Domy.lnie jest u.ywany prze..cznik install...../passive | /quiet - Wy.wietla ograniczony interfejs u.ytkownika bez monit.w albo nie wy.wietla ani interfejsu u.ytkownika,.. ani monit.w. Domy.lnie jest wy.wietlany interfejs u.ytkownika oraz wszystkie monity...../norestart - Pom
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10956
                                                                                                  Entropy (8bit):5.086757849952268
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:H2JR4ufWXXFA+YGRjHquAHHoKWCsGlHIpSDDvJRkYhaDznP3l7wLXiBpt32:WJ6ufB+Yc3AnoZCb5AGPQPCLQ72
                                                                                                  MD5:9A8D2ACF07F3C01E5CBC461AB932D85B
                                                                                                  SHA1:8781A298DCC14C18C6F6DB58B64F50B2FC6E338E
                                                                                                  SHA-256:27891EEC899BE859E3B4D3B29247FC6B535D7E836DEF0329111C48741EC6E701
                                                                                                  SHA-512:A60262A0C18E3BEF7C6D52F242153EBE891F676ED639F2DACFEBBAC86E70EEBF58AA95A7FE1A16E15A553C1BD3ECACCD8677EB9D2761CB79CB9A342C9B4252E2
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMOS DE LICEN\'c7A PARA SOFTWARE MICROSOFT\par..TEMPO DE EXECU\'c7\'c3O DO MICROSOFT VISUAL C++ 2015 - 2022 \par..\b0 Os presentes termos de licen\'e7a constituem um contrato firmado entre a Microsoft Corporation (ou, dependendo do local no qual voc\'ea esteja domiciliado, uma de suas afiliadas) e voc\'ea. Eles se aplicam ao software indicado acima. Os termos tamb\'e9m se aplicam a quaisquer servi\'e7os ou atualiza\'e7\'f5es da Microsoft para o software, exceto at\'e9 a extens\'e3o de que eles tenham termos diferentes.\par..\b SE VOC\'ca CONCORDAR COM ESTES TERMOS DE LICEN\'c7A, TER\'c1 OS DIREITOS INDICADOS ABAIXO.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pn
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3095
                                                                                                  Entropy (8bit):5.150868216959352
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlO5es/4ThDzmU6lDj4N3mBl0N+NWNP4hHCc9skPDXeKKeK9KfKt4eJ2RQdg:uDiTlJhJGl2UsZMLe6
                                                                                                  MD5:BE27B98E086D2B8068B16DBF43E18D50
                                                                                                  SHA1:6FAF34A36C8D9DE55650D0466563852552927603
                                                                                                  SHA-256:F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
                                                                                                  SHA-512:3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [diret.rio - instala, repara, desinstala ou.. cria uma c.pia local completa do pacote no diret.rio. Install . o padr.o..../passive | /quiet - exibe a IU m.nima sem nenhum prompt ou n.o exibe nenhuma IU e.. nenhum prompt. Por padr.o, a IU e todos os prompts s.o exibidos...../norestart - suprime qualquer tentativa de reiniciar. Por padr.o, a IU perguntar. antes de reiniciar
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):31981
                                                                                                  Entropy (8bit):3.6408688850128446
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:GdkM1I1EqW6aAHmxiTJrN6feZ78C7e5zoPqp007FsrmPx/1JRbnS0Yk4SYdIDtx2:Su4Mtg1S0YkjYWZM
                                                                                                  MD5:62229BE4447C349DF353C5D56372D64B
                                                                                                  SHA1:989799ED24913A0E6AE2546EE2A9A8D556E1CB3B
                                                                                                  SHA-256:1BB3FB55B8A13FA3BAFFFE72F5B1ED8B57A63BD4D8654BB6DC5B9011CE803B44
                                                                                                  SHA-512:FA366328C3FD4F683FDB1C5A64F5D554DE79620331086E8B4CCC2BFC2595B1FDED02CEC8AA982FCD8B13CC175D222AF2D7E2CD1A33B52F36AFD692B533FDBF13
                                                                                                  Malicious:false
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4150
                                                                                                  Entropy (8bit):5.444436038992627
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlDhQt9esbrohDTWJt49kAr7DHN3m5GNDCNvNLIkflhrWncPingGdZwK1Kqp:uDiTlDYVgmt4xJ88k193ipzjvL
                                                                                                  MD5:17C652452E5EE930A7F1E5E312C17324
                                                                                                  SHA1:59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
                                                                                                  SHA-256:7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
                                                                                                  SHA-512:53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.... <String Id="Caption">......... ......... [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [.......] - ........., .............., ........ ..... ........ ...... ......... ..... ...... . ......... .. ......... - ............../passive | /quiet - ........... ....
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13807
                                                                                                  Entropy (8bit):5.2077828423114045
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:mfGSPTe1VWjPqkdUxtptACpt4jSzUQBtB7+fzCCnebZ/42W2TEAQjE4oOwuxqrEs:7SK+W6UbACp2SzD9+btebZwZWEdpow2
                                                                                                  MD5:9625F3A496DBF5E3E0D2F33D417EDBBF
                                                                                                  SHA1:119376730428812A31B70D58C873866D5307A775
                                                                                                  SHA-256:F80926604E503697247353F56856B31DE0B3FC1319F1C94068363952549CC9B1
                                                                                                  SHA-512:DB91A14FC27E3A62324E024DD44E3B5548AF7E1C021201C3D851BD2F32537885AACFC64ADAE619BAC31B60229D1D5FC653F5301CD7187C69BD0ACECCE817D6A3
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset238 Garamond;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT YAZILIMI L\f1\u304?SANS KO\'aaULLARI\par..\f0 MICROSOFT VISUAL C++ 2015 - 2022 \'c7ALI\f1\'aaMA S\f0\'dcRESI \par..\b0 Bu lisans ko\f1\'baullar\u305?, Microsoft Corporation (veya ya\'baad\u305?\u287?\u305?n\u305?z yere g\f0\'f6re bir ba\f1\u287?l\u305? \'bairketi) ile sizin aran\u305?zda yap\u305?lan s\f0\'f6zle\f1\'bameyi olu\'baturur. Bu ko\'baullar, yukar\u305?da ad\u305? ge\f0\'e7en yaz\f1\u305?l\u305?m i\f0\'e7in ge\'e7erlidir. \f1\'aaartlar, yaz\u305?l\u305?m i\f0\'e7in t\'fcm Microsoft hizmetleri veya g\'fcncelle\f1\'batirmeleri i\f0\'e7in, beraberlerinde farkl\f1\u305? \'baartlar bulunmad\u305?\u287?\u305? s\f0\'fcrece ge\'e7erlidir.\pa
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3221
                                                                                                  Entropy (8bit):5.280530692056262
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOaesHEqhDTHV4zVy6oBzdp0DYK2GP2ZmN3majyNXNoNKQXVvChcPc+WKb0:uDiTl3PHcIflKNTPgdi12xgg
                                                                                                  MD5:DEFBEA001DC4EB66553630AC7CE47CCA
                                                                                                  SHA1:90CED64EC7C861F03484B5D5616FDBCDA8F64788
                                                                                                  SHA-256:E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
                                                                                                  SHA-512:B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [dizin] - y.kler, onar.r, kald.r.r ya da.. dizindeki paketin tam bir yerel kopyas.n. olu.turur. Varsay.lan install de.eridir...../passive | /quiet - en az d.zeyde istemsiz UI g.sterir ya da hi. UI g.stermez ve.. istem yoktur. Varsay.lan olarak UI ve t.m istemler g.r.nt.lenir...../norestart - yeniden ba.lama denemelerini engeller. Varsay.lan olarak UI yeniden ba.l
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18214
                                                                                                  Entropy (8bit):3.9837154113926356
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:Hom4PyAjs/HBJ5qyK3PG4lk5xxKyAW1yW7/Y3OKchGMvGMLdo4+uHq9f4yPxrdCX:IDM1OR5rGU2
                                                                                                  MD5:D083C7E300928A0C5AEA5ECBD1653836
                                                                                                  SHA1:08F4F1F9F7DFA593BE3977515635967CE7A99E7A
                                                                                                  SHA-256:A808B4933CE3B3E0893504DBEF43EBF90B8B567F94BD6481B6315ED9141E1B11
                                                                                                  SHA-512:8CB3FFAD879BABA36137B7A21B62D9D6C530693F5E16FBB975F3E7C20F1DB5A686F3A6EE406D69B018AA494E4CD185F71B369A378AE3289B8080105157E63FD0
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 Microsoft \f1\'c8\'ed\'bc\'fe\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0\f1\'d5\'e2\'d0\'a9\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\'ca\'c7\f0 Microsoft Corporation\f1\'a3\'a8\'bb\'f2\'c4\'fa\'cb\'f9\'d4\'da\'b5\'d8\'b5\'c4\f0 Microsoft \f1\'b9\'d8\'c1\'aa\'b9\'ab\'cb\'be\'a3\'a9\'d3\'eb\'c4\'fa\'d6\'ae\'bc\'e4\'b4\'ef\'b3\'c9\'b5\'c4\'d0\'ad\'d2\'e9\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'ca\'ca\'d3\'c3\'d3\'da\'c9\'cf\'ca\'f6\'c8\'ed\'bc\'fe\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'d2\'b2\'ca\'ca\'d3\'c3\'d3\'da\'d5\'eb\'b6\'d4\'b8\'c3\'c8\'ed\'bc\'fe\'b5\'c4\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'ce\'f1\'bb\'f2\'b8\'fc\'d0\'c2\'a3\'ac\'
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2978
                                                                                                  Entropy (8bit):6.135205733555905
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOtKesi+hDtkQf7lz+W0gopN3m5+3cNONeN1ra8vWqPtlTKxKUTKlKXRoR+:uDiTlV5kQR9GLeE0ZxV6gIV
                                                                                                  MD5:3D1E15DEEACE801322E222969A574F17
                                                                                                  SHA1:58074C83775E1A884FED6679ACF9AC78ABB8A169
                                                                                                  SHA-256:2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
                                                                                                  SHA-512:10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [..] - .......... ..................Install ........../passive | /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10825
                                                                                                  Entropy (8bit):5.1113252296046126
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:HalhwTwQ4yzePBrarlvTteQH3bf9WaoXUBXZRaS9YARl0hcXNVD32:6lc4krlU2ymLN12
                                                                                                  MD5:873A413D23F830D3E87DAB3B94153E08
                                                                                                  SHA1:24CFC24F22CEF89818718A86F55F27606EB42668
                                                                                                  SHA-256:ABC11BB2B04DFF6AFE2D4D4F40D95A7D62E5AF352928AF90DAA3DADE58DD59BD
                                                                                                  SHA-512:DC1ECCB5CC4D3047401E2BC31F5EB3E21C7881C02744A2E63C10D3C911D1158DCFAC023988E873C33DC381C989304FE1D3CB27ED99D7801285C4C378553CD821
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 T\'c9RMINOS DE LICENCIA DEL SOFTWARE DE MICROSOFT\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Los t\'e9rminos de esta licencia son un contrato entre Microsoft Corporation (o, en funci\'f3n de donde viva, una de las sociedades del grupo) y usted. Se aplican al software mencionado anteriormente. Los t\'e9rminos tambi\'e9n se aplican a los servicios o actualizaciones de software de Microsoft, excepto en la medida en que sus t\'e9rminos sean diferentes.\par..\b SI USTED CUMPLE LOS PRESENTES T\'c9RMINOS DE ESTA LICENCIA, DISPONDR\'c1 DE LOS DERECHOS QUE A CONTINUACI\'d3N SE DESCRIBEN.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb1
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3265
                                                                                                  Entropy (8bit):5.0491645049584655
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlO/esS6VGhDv4tiUiyRUqzC4U+aD6N3m7xNh1NWNGbPz+9o3PWeKK9K9KfT:uDiTlxouUTiySqyIwz9sgxqvjIk8
                                                                                                  MD5:47F9F8D342C9C22D0C9636BC7362FA8F
                                                                                                  SHA1:3922D1589E284CE76AB39800E2B064F71123C1C5
                                                                                                  SHA-256:9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
                                                                                                  SHA-512:E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive | /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (558), with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12906
                                                                                                  Entropy (8bit):3.7237107259370177
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:X0svF+PnH5zHqQHG0Hd8Hz7HE06HA0rH3FpFNxLon5zLa0LKJn/Bx7z8NkzzkvQf:X0sM/dLbmnoNNUd129potVoT
                                                                                                  MD5:055DD6CC2667D43E89368B6672E378C9
                                                                                                  SHA1:E4278D0440C2069F11735EE0AEECD9B576CB010C
                                                                                                  SHA-256:88EFFBF5C9EEB280C03FC8E39FDD685F91F0B95842F36FDE55DB5B759C35D68D
                                                                                                  SHA-512:1084EAC05F0931A7C6CA95A9AF44DE7E591DF17367AB58871B80D9C52E7208596B27F203C30EAF42DDD1913B4DC927B969CBE798CA4BA46D383A3DC427C7EB01
                                                                                                  Malicious:false
                                                                                                   Preview:<?xml version="1.0" encoding="utf-16"?>..<BootstrapperApplicationData xmlns="http://schemas.microsoft.com/wix/2010/BootstrapperApplicationData">..  <WixBalCondition Condition="VersionNT &gt;= v6.1" Message="[WixBundleName] can only be installed on Windows 7 and newer platforms." />..  <WixBundleProperties DisplayName="Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135" LogPathVariable="WixBundleLog" Compressed="yes" Id="{46c3b171-c15c-4137-8e1d-67eeb2985b44}" UpgradeCode="{F899B
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9235
                                                                                                  Entropy (8bit):5.167332119309966
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:H8kZ1UVDWkiWZTIsp/4hghFF1Qf4lCfnEtHixEGx736wHqItfSpOtJ32:cM1RWZMi/zzlOnjt5HLoa2
                                                                                                  MD5:04B33F0A9081C10E85D0E495A1294F83
                                                                                                  SHA1:1EFE2FB2D014A731B752672745F9FFECDD716412
                                                                                                  SHA-256:8099DC3CF9502C335DA829E5C755948A12E3E6DE490EB492A99DEB673D883D8B
                                                                                                  SHA-512:D1DBED00DF921169DD61501E2A3E95E6D7807348B188BE9DD8FC63423501E4D848ECE19AC466C3CACFCCC6084E0EB2F457DC957990F6F511DF10FD426E432685
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT SOFTWARE LICENSE TERMS\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 INSTALLATION AND USE RIGHTS. \b0\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\f
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1861
                                                                                                  Entropy (8bit):6.868587546770907
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:q36cnTKM/3kTIQiBmYKHeQWalGt1Sj9kYIt1uZ+bYOQe0IChR95aW:qqiTKMPuUBm7eQJGtYJM1uZCVszaW
                                                                                                  MD5:D6BD210F227442B3362493D046CEA233
                                                                                                  SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
                                                                                                  SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
                                                                                                  SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
                                                                                                  Malicious:false
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2952
                                                                                                  Entropy (8bit):5.052095286906672
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTl/+desK19hDUNKwsqq8+JIDxN3mt7NlN1NVvAdMcgLPDHVXK8KTKjKnSnYF:uDiTl/BbTxmup/vrxATd
                                                                                                  MD5:FBFCBC4DACC566A3C426F43CE10907B6
                                                                                                  SHA1:63C45F9A771161740E100FAF710F30EED017D723
                                                                                                  SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
                                                                                                  SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8332
                                                                                                  Entropy (8bit):5.184632608060528
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:8L2HdQG+3VzHfz96zYFGaPSWXdhRAmImlqFQKFBiUxn7Ke5A82rkO/pWk3nswP:ZHAzZ/3
                                                                                                  MD5:F62729C6D2540015E072514226C121C7
                                                                                                  SHA1:C1E189D693F41AC2EAFCC363F7890FC0FEA6979C
                                                                                                  SHA-256:F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
                                                                                                  SHA-512:CBBFBFA7E013A2B85B78D71D32FDF65323534816978E7544CA6CEA5286A0F6E8E7E5FFC4C538200211F11B94373D5658732D5D8AA1D01F9CCFDBF20F154F1471
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig
                                                                                                  Process:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):195600
                                                                                                  Entropy (8bit):6.682530937585544
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:OXoiFK6b0k77I+QfaIl191rSJHvlalB+8BHkY6v53EfcUzN0m6I+WxBlnKzeZuqt:OXoQNb++gDrSJdr8BHkPh3wIgnK/IU1a
                                                                                                  MD5:EAB9CAF4277829ABDF6223EC1EFA0EDD
                                                                                                  SHA1:74862ECF349A9BEDD32699F2A7A4E00B4727543D
                                                                                                  SHA-256:A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
                                                                                                  SHA-512:45B15ADE68E0A90EA7300AEB6DCA9BC9E347A63DBA5CE72A635957564D1BDF0B1584A5E34191916498850FC7B3B7ECFBCBFCB246B39DBF59D47F66BC825C6FD2
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3..R...R...R..h.N..R..h.L.R..h.M..R.......R.......R.......R...*<..R...*,..R...R...S..K....R..K....R..N.@..R...R(..R..K....R..Rich.R..................PE..L......Z...........!................d.....................................................@..............................................................D......,.......T...............................@...............X............................text............................... ..`.rdata.............................@..@.data...............................@....gfids..............................@..@.rsrc...............................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):792
                                                                                                  Entropy (8bit):3.3642304899991133
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:seBlQGeimLMPam51wUfNMejInjapxln8v94+VsMMD5rpll:hKfipCo1vMeKm8UTP
                                                                                                  MD5:406ABBC3FBD1957645506C990730B503
                                                                                                  SHA1:1995915761F61FE5300DB96E0300F767437D65DE
                                                                                                  SHA-256:8E54257FC119AFD3358865F626FB176BB636B4147C77C5A9319F0845658F8791
                                                                                                  SHA-512:7B387498C4A2BA850A44CA6783F70781356432DB7D499911D19E291A1D80CFCCC9DD1C28FA119646899ADA4017A04F199E5A239DE51253E216AC7BBE4C73FC32
                                                                                                  Malicious:false
                                                                                                  Preview:..............u.u.i.d........L.{.8.5.f.2.0.b.7.5.-.3.a.a.4.-.4.4.f.e.-.8.2.3.a.-.d.4.8.5.9.6.2.3.5.6.5.7.}... .s.e.t.t.i.n.g.s./.h.i.s.t.o.r.y.........DownloadedDriversHistory........,.s.e.t.t.i.n.g.s./.b.a.c.k.u.p.h.i.s.t.o.r.y.........BackupInfoHistory........0.l.a.s.t.R.e.c.o.m.m.e.n.d.e.d.T.a.b.U.p.d.a.t.e..........%=.........*.l.a.s.t.P.o.p.u.l.a.r.s.T.a.b.U.p.d.a.t.e..........%=...........l.a.n.g..........e.n...2.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.s.e.r.v.e.r............8.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.p.r.o.x.y.T.y.p.e..............c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.p.o.r.t............6.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.p.a.s.s.w.o.r.d............0.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.l.o.g.i.n..............a.p.p.V.e.r.s.i.o.n..........1...3...1.2...1.6.7.9
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):792
                                                                                                  Entropy (8bit):3.3642304899991133
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:seBlQGeimLMPam51wUfNMejInjapxln8v94+VsMMD5rpll:hKfipCo1vMeKm8UTP
                                                                                                  MD5:406ABBC3FBD1957645506C990730B503
                                                                                                  SHA1:1995915761F61FE5300DB96E0300F767437D65DE
                                                                                                  SHA-256:8E54257FC119AFD3358865F626FB176BB636B4147C77C5A9319F0845658F8791
                                                                                                  SHA-512:7B387498C4A2BA850A44CA6783F70781356432DB7D499911D19E291A1D80CFCCC9DD1C28FA119646899ADA4017A04F199E5A239DE51253E216AC7BBE4C73FC32
                                                                                                  Malicious:false
                                                                                                  Preview:..............u.u.i.d........L.{.8.5.f.2.0.b.7.5.-.3.a.a.4.-.4.4.f.e.-.8.2.3.a.-.d.4.8.5.9.6.2.3.5.6.5.7.}... .s.e.t.t.i.n.g.s./.h.i.s.t.o.r.y.........DownloadedDriversHistory........,.s.e.t.t.i.n.g.s./.b.a.c.k.u.p.h.i.s.t.o.r.y.........BackupInfoHistory........0.l.a.s.t.R.e.c.o.m.m.e.n.d.e.d.T.a.b.U.p.d.a.t.e..........%=.........*.l.a.s.t.P.o.p.u.l.a.r.s.T.a.b.U.p.d.a.t.e..........%=...........l.a.n.g..........e.n...2.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.s.e.r.v.e.r............8.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.p.r.o.x.y.T.y.p.e..............c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.p.o.r.t............6.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.p.a.s.s.w.o.r.d............0.c.o.n.n.e.c.t.i.o.n.S.e.t.t.i.n.g.s./.l.o.g.i.n..............a.p.p.V.e.r.s.i.o.n..........1...3...1.2...1.6.7.9
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):63
                                                                                                  Entropy (8bit):4.667700662166299
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:Vr6MEr116EzUFyjT:R6MC36EzUwT
                                                                                                  MD5:5C81347233B21194157D56E87F652041
                                                                                                  SHA1:F21371BF602CA383C69D384E3B4E38B595680CE7
                                                                                                  SHA-256:150EE75F579E46D1D79312A9BE920960698FC2D9820BEFD47F5245A96E60230D
                                                                                                  SHA-512:FC2AEEA893C771E4E5B8EF1C339EB6544607646B21888CFC6C9A4CA456A43481C32B48F8381E7239358604BCB100C37576CC301C073F7ED3836FBACB85C9208C
                                                                                                  Malicious:false
                                                                                                  Preview:3748.DriverHub.user-PC.9e146be9-c76a-4720-bcdb-53011b87bd06..
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 14 09:24:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2677
                                                                                                  Entropy (8bit):3.97997467790832
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:8zdMTwwgHhWidAKZdA19ehwiZUklqehey+3:8i3Xty
                                                                                                  MD5:78106E3722D6E57E3710224C2C397F7E
                                                                                                  SHA1:7075AFD513E4F4D70BD80A039AB92812F12645CD
                                                                                                  SHA-256:1F897F9D469E568AFFB6508B2124D4BC44E0A07B0D238A3662078810B78459CF
                                                                                                  SHA-512:672C1F68F4D15C6EEE23FDEEEDF1E58B8FDF1784E1EA8D152B8A63A403A3B6D950D9F17E828D1757EA4BFB537721DCE196CF9588630B3B0F144DCF9D770CD0E0
                                                                                                  Malicious:false
                                                                                                  Preview:L..................F.@.. ...$+.,.....1.%4...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.S....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 14 09:24:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2679
                                                                                                  Entropy (8bit):3.9984083926021308
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:8ndMTwwgHhWidAKZdA1weh/iZUkAQkqehdy+2:823d9Q0y
                                                                                                  MD5:5F9A4EA1147126193B5623ED2FD5FD82
                                                                                                  SHA1:088B7A96255290DA5F492272FA920A3481A8D2B0
                                                                                                  SHA-256:F7DE80939BF2EF2E6DB3364032AE7E834079562E90C9D1EBA6088A2C2C8869D8
                                                                                                  SHA-512:4EB12EA27690EF0546237C72961CCF657CCE8A1FBB5B7285EF293337880F2079761D5A02F06101AA1F633B19B15D5C5E498F00BDF1C768A87360A97FF3E9C9B6
                                                                                                  Malicious:false
                                                                                                  Preview:L..................F.@.. ...$+.,....Q..$4...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.S....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2693
                                                                                                  Entropy (8bit):4.008565136724585
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:8xpdMTwwsHhWidAKZdA14tseh7sFiZUkmgqeh7s7y+BX:8x43xnRy
                                                                                                  MD5:D159878C7FBFBE5E0A04C76089EEF45B
                                                                                                  SHA1:9EA69A147629D54DDAEDBB2DB5C8B5DB7970D27E
                                                                                                  SHA-256:A69C342EFA41B5DAAD7E5EF1D3E8BEFD25EFD36C8A8988FE2233410DC9840D39
                                                                                                  SHA-512:AB5F91FB919110EBEB2C3136B7A0F92267CC4CBD5A85DF633F5C16F9F5330A83FD7B5FE88475EC468E16915959EA7D61F320D39FEF7C737BA3FA2FF465495484
                                                                                                  Malicious:false
                                                                                                  Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.S....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 14 09:24:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2681
                                                                                                  Entropy (8bit):3.9969722746830723
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:8sdMTwwgHhWidAKZdA1vehDiZUkwqehZy+R:8X3ejy
                                                                                                  MD5:DE65D153E38BE96656082249E3813A4F
                                                                                                  SHA1:47CD92D6C9861B87F074DCFD68C6832A34715736
                                                                                                  SHA-256:94F84CA5EF61F01243737DF1AC1A4E97522AA2DE8B5C203FA304B13E9ACEFDAD
                                                                                                  SHA-512:E044D810A355799268F4C38EFAEDDFE20CC9924EA19F5DE651374D0AD465D181C226CCD56BA7CF782706C00E8AAE5E458301AFCB2AF49D29B68C59D922E18353
                                                                                                  Malicious:false
                                                                                                  Preview:L..................F.@.. ...$+.,....^..$4...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.S....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 14 09:24:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2681
                                                                                                  Entropy (8bit):3.9831310039336643
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:8YdMTwwgHhWidAKZdA1hehBiZUk1W1qeh/y+C:8z3u9fy
                                                                                                  MD5:7BA627B2214F58B18FC225FD3456B662
                                                                                                  SHA1:E8D0963AE3C346A71FE0F0F341E50CD2766BEB78
                                                                                                  SHA-256:2E723EDB2437CAE6BEAE74642F005B01180C48EF8B192C84E19A43E009D650B9
                                                                                                  SHA-512:75F9127E6098EE1F130C69E8EA418F8410990E554CF874ED63FBC64EABEAD6D6CF81324A4EE772BF397425674824C5F1962D701644649CA9EA7BEFBFE3003CA7
                                                                                                  Malicious:false
                                                                                                  Preview:L..................F.@.. ...$+.,.......%4...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.S....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 14 09:24:28 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2683
                                                                                                  Entropy (8bit):3.9954988605902044
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:8KdMTwwgHhWidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbRy+yT+:8l3QT/TbxWOvTbRy7T
                                                                                                  MD5:C7C420BAC2C5B1B05F363FE3B5CE639F
                                                                                                  SHA1:584C0341CD82D88A58FC85B314117E8A9F6813D7
                                                                                                  SHA-256:360B369AE4523833331F92C5804FA2187E2B57821A2EA3A667F2AB2A2C61326A
                                                                                                  SHA-512:329F1826DF2298C585A5D2C24A50659A851CC878511AE41AB0386DF82EAAF4CD9A5DFDF526D4255878FF898157333E0A04807E2A9865892AE38011E1205B533B
                                                                                                  Malicious:false
                                                                                                  Preview:L..................F.@.. ...$+.,.......$4...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.S....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.S....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.S....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.S..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.S...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............?.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                                                  Process:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Aug 14 09:23:11 2024, mtime=Wed Aug 14 09:23:20 2024, atime=Wed Aug 14 09:23:11 2024, length=7722672, window=hide
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2082
                                                                                                  Entropy (8bit):3.414265567918646
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:8wb17adOnMmSTjoy6dVKSkdVXdVKSvbVKScVkmyg:8cpOKKXfKeKrPy
                                                                                                  MD5:698CF5F0663B0F93058299A6C067EB10
                                                                                                  SHA1:DD52E5C3DF14730EF26C0CD798B37256B1925510
                                                                                                  SHA-256:7FD5BD8911CA4CC3CF408B96F2B4967C5976910BD295C0BDA6CD31FD72734B4B
                                                                                                  SHA-512:BE7E643AB3B415DE82FE69661FCADF1755223F79CDD9135B8E473DE451ADED6DAC1F0E52B1DBACA1DB12A04942A090C04F961F6F2B4550D69FF7D6E5B4D9ACEF
                                                                                                  Malicious:false
                                                                                                  Preview:L..................F.@.. ...4...3....8..3......3.....u..........................P.O. .:i.....+00.../C:\.....................1......Y.R..PROGRA~2.........O.I.Y.R....................V.....'j..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....\.1......Y.R..DRIVER~1..D.......Y.R.Y.R....;......................v0.D.r.i.v.e.r.H.u.b.....h.2...u..Y.R .DRIVER~1.EXE..L.......Y.R.Y.R....*.......................M.D.r.i.v.e.r.H.u.b...e.x.e.......]...............-.......\............?.......C:\Program Files (x86)\DriverHub\DriverHub.exe..&.A.u.t.o.m.a.t.i.c.a.l.l.y. .f.i.n.d. .a.n.d. .i.n.s.t.a.l.l. .d.r.i.v.e.r.s.C.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r.H.u.b.\.D.r.i.v.e.r.H.u.b...e.x.e. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r.H.u.b...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r.H.u.b.\.D.r.i.v.e.r.H.u.b...e.x.e.........%ProgramFiles%\DriverHub\DriverHub.exe..............
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):40
                                                                                                  Entropy (8bit):3.3454618442383204
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:FkWXl8+eYQmP:98+RQmP
                                                                                                  MD5:D554A9DC8AA6318579FF1C22FF8AA300
                                                                                                  SHA1:908945DC4F6118B4892C32F0369435973D43FB46
                                                                                                  SHA-256:215596C78F3827B426842B9FC45B3AA2505A296274FB58EDF1BF2AC9B235D25F
                                                                                                  SHA-512:D42144A989983F34A220F993DE6E420B69ECAFFD6264CF78F0B746604E453F3FF947AA41CF4F1DB87B2D8ECE2766F8303E8D319044A209F4FE4A48554F0956DC
                                                                                                  Malicious:false
                                                                                                  Preview:sdPC....................:.a.x;.A.)[zuC..
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):220
                                                                                                  Entropy (8bit):2.880915849721718
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:3lpLX/9tZlie3ylIr/5JlVie3zlMl/rA/lNljlie32lVlrkR/ljER7pXalLb/9tL:H3yg3JMlTAt3N32drk7S7pKlLb3IM
                                                                                                  MD5:EAABF12583363A451ADD86042735A034
                                                                                                  SHA1:6F091C41FBCC0DFAFA532C048E09A7B2A785922F
                                                                                                  SHA-256:C3922207C8C01D54C032DC40746E170BAA511D8B6DA912D97CF88F054F0D88D4
                                                                                                  SHA-512:0925FB5A4DF3D4B4EAD502F3E061EAF6ED8FFD954238C4A81E1495C2965764BEFFA3B859C6BB4BDEAF99FBEC2A2CE108AFCB8934AB4CACD42A104EE7014B2175
                                                                                                  Malicious:false
                                                                                                  Preview:..............w.i.d.t.h..............s.i.d.e.b.a.r.W.i.d.t.h.....@T...........s.i.d.e.b.a.r.V.i.s.i.b.l.e...........s.i.d.e.b.a.r.S.p.l.i.t.....@V.33334.....h.e.i.g.h.t..............f.a.v.o.r.i.t.e.F.o.l.d.e.r.s.........
                                                                                                  Process:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):63
                                                                                                  Entropy (8bit):4.667700662166299
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:Vr6MEr116EzUFyjT:R6MC36EzUwT
                                                                                                  MD5:5C81347233B21194157D56E87F652041
                                                                                                  SHA1:F21371BF602CA383C69D384E3B4E38B595680CE7
                                                                                                  SHA-256:150EE75F579E46D1D79312A9BE920960698FC2D9820BEFD47F5245A96E60230D
                                                                                                  SHA-512:FC2AEEA893C771E4E5B8EF1C339EB6544607646B21888CFC6C9A4CA456A43481C32B48F8381E7239358604BCB100C37576CC301C073F7ED3836FBACB85C9208C
                                                                                                  Malicious:false
                                                                                                  Preview:3748.DriverHub.user-PC.9e146be9-c76a-4720-bcdb-53011b87bd06..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}, Create Time/Date: Fri Jan 19 22:52:32 2024, Last Saved Time/Date: Fri Jan 19 22:52:32 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                  Category:dropped
                                                                                                  Size (bytes):184320
                                                                                                  Entropy (8bit):6.37750026266588
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:S9viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdz8vO:EvipBaTDo1j//SZhKO
                                                                                                  MD5:3CA6B74AEFE34587F479055F5915E136
                                                                                                  SHA1:61771E0A8CCABAC8783A22F67ADCBCE612F11704
                                                                                                  SHA-256:A6F3A8E4E2162D8DF176418E9A238BECB645B2DB31D8073BFC4F4CDB7FB1AA22
                                                                                                  SHA-512:3949CB3FDAD3E8D5E9C649141A72783E0B403D3E835433D4D456654BCDAD1290258F6D023CE127740F9C82459D337B9F8731C799EFCF99775955D38CF3FEF750
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {29E9ACD5-6C1B-48C9-A316-358656F83B42}, Create Time/Date: Fri Jan 19 22:58:04 2024, Last Saved Time/Date: Fri Jan 19 22:58:04 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                  Category:dropped
                                                                                                  Size (bytes):184320
                                                                                                  Entropy (8bit):6.383378429526644
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:fviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJd2:fvipBaTDo1j//SZh
                                                                                                  MD5:A37983D3FCA236D6AE2D22AB0FA9F1D4
                                                                                                  SHA1:82F77032813AEDDF321D681DA4E1AA50786258DD
                                                                                                  SHA-256:A7F13351CE5B41FCF6C2ED95F223F5E2AAB5411BF8499A772F69AD8FFB87F96B
                                                                                                  SHA-512:619467E6D4AA6BC8F1CC02DAF52330E28C313D774A1D0B0BB96D40A2ED2DC3697CEE738463FAED040E1BCA407C3471AE1BC8DD91472682B25C579CAACDBF7374
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9501
                                                                                                  Entropy (8bit):5.666078062231232
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:wtRpkcRp/8DrUkFEdogLNy5J5J5J5J5J5J5J5J5J5J5Af5Gh9RWZ6iGShWyBC8Hc:w1zLmDcZxGSwcfyeNjnGYWJ1
                                                                                                  MD5:DB6394CADAA13E357415F327A96687AD
                                                                                                  SHA1:A699A21799AD16BE9E200B1026F127890B18CCE4
                                                                                                  SHA-256:60AE674B362F0A7FB738AB2C55E43FD3FEB62C57060063A785FDA9DBC5EA678D
                                                                                                  SHA-512:B90C04F598D8749A9E838BBBEE6ED32C03ED0E2579DE8307A32A4675FE4C7CEF4A221EA204449156AD21F4C09C8E5F9E5CEF33B66560B211C958281D4B53784A
                                                                                                  Malicious:false
                                                                                                  Preview:...@IXOS.@.....@.2.Y.@.....@.....@.....@.....@.....@......&.{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7};.Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135..vc_runtimeMinimum_x86.msi.@.....@o.&..@.....@........&.{83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}.....@.....@.....@.....@.......@.....@.....@.......@....;.Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{E3819B64-3C56-3DD7-921D-00B011AD31DE}@.02:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\X86\Version.@.......@.....@.....@......&.{E8E39D3B-4F35-36D8-B892-4B28336FE041}$.C:\Windows\SysWOW64\vcruntime140.dll.@.......@.....@.....@......&.{F4F89385-AC80-4040-ADA6-06D37B69832E},.C:\Windows\SysWOW64\vcruntime140_threads.dll.@.......@.....@.....@......&.{A2AA960C-FD3C-3A6D-BD6F-14933011AFB3} .C:\Windows\SysWOW64\msvcp140.dll.@.......@.....
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9740
                                                                                                  Entropy (8bit):5.638445678941114
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:zRvmH5xSSSLuyAV2YO8UUycM6ZLaAeJn3LsLNWgn:zRvmH5xSSguyA0YORrwo3QZWgn
                                                                                                  MD5:779919448CD0A4D549E07E7703732689
                                                                                                  SHA1:DC1B28BDD69440F0A90D78E062EFFB1967B451CD
                                                                                                  SHA-256:8601DC80C8682F1EEA205C776114902BB2A1E083F0767FE26D747C52FBB8EE0F
                                                                                                  SHA-512:D6BCC7DF15175A7D42AABC4F76C86775DD2E52B923376D9ED0565E56EFB602395477AAA6C63F7F4637E6C0F9FF8349085FA55CFAF2CFE5B0E06583B2D4690785
                                                                                                  Malicious:false
                                                                                                  Preview:...@IXOS.@.....@.2.Y.@.....@.....@.....@.....@.....@......&.{9C19C103-7DB1-44D1-A039-2C076A633A38}>.Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135..vc_runtimeAdditional_x86.msi.@.....@o.&..@.....@........&.{29E9ACD5-6C1B-48C9-A316-358656F83B42}.....@.....@.....@.....@.......@.....@.....@.......@....>.Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{E3819B64-3C56-3DD7-921D-00B011AD31DE}@.02:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\X86\Version.@.......@.....@.....@......&.{4FD4AB8C-C57F-3782-9230-9CCA22153AD3}..C:\Windows\SysWOW64\mfc140.dll.@.......@.....@.....@......&.{46A1EA6B-3D81-3399-8991-127F7F7AE76A}..C:\Windows\SysWOW64\mfc140u.dll.@.......@.....@.....@......&.{C94DDE19-CC70-3B9A-A6AF-5CA7340B9B9A}..C:\Windows\SysWOW64\mfcm140.dll.@.......@.....@.....@....
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):1.2078196222684805
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:JSbX72FjkzltsXAlfLIlHuRpZhG7777777777777777777777777ZDHFzld/gMqO:JCOUIwEVUs8cF
                                                                                                  MD5:14D239B635A15DD939E1906559EFD101
                                                                                                  SHA1:026D821D8CC1664DB96EF4B797857BA0996F6EBD
                                                                                                  SHA-256:812153E10E25F2C271617061ADE6DC7FA217C5A9AD5F4D449837247F8F04FA14
                                                                                                  SHA-512:7FBE704A267642F4D0FB33A9A240F4C0A030DCC799E52B10027A1FC171D874AE6489DF53DA0525014D36761312E1E67C117384B00098CD258AF3FCB71911A72C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):1.2084648943777467
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:JSbX72FjMNkStsXAlfLIlHuRpWBhG7777777777777777777777777ZDHFonStt+:JuQUIwUiGStt7AWcF
                                                                                                  MD5:0A96ABEF40F95145E752293D47A985CE
                                                                                                  SHA1:BB10960BFD7DE5AB87BCDB3FB191E7137A8D1E0E
                                                                                                  SHA-256:5640431D16BC2008C3C70CD3E0E13CD923A06852558C265BB5F1D40FE49CF59E
                                                                                                  SHA-512:2D97DBED4859B3776A0F80C80D99EA5D746CB6598FA317C7A186789C09674EC3FD2446527CA54A0840B09DB870FB416704F738388B9425EE41E8A3CAF53F0017
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):1.5327945022903913
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:t8PhpuRc06WXi/nT5Rhdex6RLBL7nSmRSsEIQSIV4Zwcl:Qhp1RnTnLexaLBL7nVR8vJ4Zwcl
                                                                                                  MD5:B8FEE2E98AEBB0E223718942193CDBD1
                                                                                                  SHA1:F486220A8D84E5458BA4FAB24983013D0187C1B9
                                                                                                  SHA-256:00D0BB8788E9C911388EA6EF5588889B4DE707A086FF3420AF69C4004A93F230
                                                                                                  SHA-512:BAF48A1BAD70CD0DCE09447F6805FE81AD0AA895FE27E547FBAF76787C69645E27B717FD2B0202FE4F5694F82F1FD48FCFE88DB633A82F081B1566E4A6B1ABDD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):364484
                                                                                                  Entropy (8bit):5.365494644340739
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaul:zTtbmkExhMJCIpEu
                                                                                                  MD5:438A4A63CAA6B8C083BE50FF9024A477
                                                                                                  SHA1:43CD043A9F8D8CBC2E371DF5C3B98F5BD0928DA0
                                                                                                  SHA-256:4E13D290444AB4AC934E51C4957C534EA9940A091D67C4AF397558B4E69201F1
                                                                                                  SHA-512:BECE609B25B625E6FD4AB1A1F75A04A90BAD99376302F59DDD5B5B61E0D41B0127C2884D8D3491B6580FBBA2CF9D99D04A1635FC53A5DDFC2FFB5F8FC358C38C
                                                                                                  Malicious:false
                                                                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):257616
                                                                                                  Entropy (8bit):6.701518252422076
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:H3RC9MpwQGXL41H9UsWy64Q7WzB1XmrbB1+1FUqHHlsixuOdm12z/Nrv:XMdV4HXmrkRHNuOdjz
                                                                                                  MD5:3D0EA6BA3551AEC4717AB2827319A741
                                                                                                  SHA1:E1273BA1B3D6CDBF93C99B115EF8ACCD84568718
                                                                                                  SHA-256:1573721C06F70D779F5AEBA175C039202069DA15D8526C3CE0C19B8C7FA985B1
                                                                                                  SHA-512:BADE3D768BF435C0ADD77BA377866A59146D22E102932FBEAB08FC10B27B9F5BCC5375ED26EE48847FB57649D706FF2AD6192895780C6924E34CAA7FCCA3514A
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........z[.s)[.s)[.s)..r(Y.s)R..)Q.s)].r(^.s)[.r).s)].w(P.s)].p(\.s)].v(..s)].s(Z.s)]..)Z.s)].q(Z.s)Rich[.s)........PE..L...+............."!...&.&...x..............@......................................Jc....@A.............................K.. ...........................PP.......*...;..T...........................(;..@............................................text...\$.......&.................. ..`.data....4...@...2...*..............@....idata...............\..............@..@.rsrc................n..............@..@.reloc...*.......,...r..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4841880
                                                                                                  Entropy (8bit):7.037865881588186
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:gOps8At+ClFx0VQxKra4L48wELFLOAkGkzdnEVomFHKnPT:fsj66Km4L48wELFLOyomFHKnPT
                                                                                                  MD5:968006878A0703C6D528C315AAA64E92
                                                                                                  SHA1:EDCC9FBA54F81ABB6162C6FEC2A56AE0472EDF68
                                                                                                  SHA-256:20F9A3BDBE5981EE42E2665623BFE342BFAC18BA7209E889ABDA2FE88AD7EC3D
                                                                                                  SHA-512:961D49A5529F833A03FC3A117EE4379D9AD8F17C2780A42796D9C775577CA31A5CFD4E66C0FDDE6DA3E41AF0E0B2DB655ADAB32E5041107EE31F169FF1C45CFB
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.....y...y...y..|...y..~...y..}...y.......y..ix...y..i}...y..iz...y..x...y...x...y..i|...y..ip..y..iy...y..i....y..i{...y.Rich..y.........PE..L...v............"!...&.^/..n........*......p/...............................J.......J...@A.................................]0.......0.`.............I..O...`F.....?..T...........................@4..@............P0.....h|.......................text....\/......^/................. ..`.data...$....p/......b/.............@....idata...T...P0..V....0.............@..@.didat........0......Z0.............@....rsrc...`.....0......^0.............@..@.reloc......`F.......E.............@..B................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):51280
                                                                                                  Entropy (8bit):6.318544681380016
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:wdzvsXi+9tLkr8yTby97DVLpdJ9zSllpgElfq9zSlui:0z0Xi+9tLU8CbyBVLpdrz0ZfWzO
                                                                                                  MD5:FB70AD75D602984A07427BB47DF41DFA
                                                                                                  SHA1:38AFD8EA3364670FFA148E8FA0A886D882806B22
                                                                                                  SHA-256:0138CC6A774EAB4AA3745F35F8C1551691892F5C39D9DCFF287B65B02715F74D
                                                                                                  SHA-512:15DC82046276766B1E10B237254184583A37676C4A526123E1D7CB6390A95CD0EC3469FDB4093F16C8676B0EE4876FE41C61D6B67B67C70EF9C2D85B8468AF0A
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}Y=.98S.98S.98S.?...88S.?.Q.88S.Rich98S.................PE..L................"!...&.....v......................................................K.....@.......................................... ...s...........x..PP..............T............................................................................text...P...........................@..@.rsrc....s... ...t..................@..@...............T...l...l..................l..........................$...,...,...........................RSDSm.....XN.C..yR....D:\a\_work\1\s\binaries\x86ret\bin\i386\\MFC140CHS.i386.pdb.........T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... ..p....rsrc$01....p1...a...rsrc$02.... ...m.....XN.C..yR.8....7...=5...........................................................................................................................................................
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):51280
                                                                                                  Entropy (8bit):6.351909249754834
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:xLfucVI4cK7kYw4JUM3i/EhWZdEY1R9zZwgEl11R9zZ6E:RucVI4cK4YJUM3XhWZdBzqZrzH
                                                                                                  MD5:074D25DA33A285E836E57B3AD5E9BE03
                                                                                                  SHA1:9AC12AD02F6EB317EB2C1C5538E6A738F573026E
                                                                                                  SHA-256:85B4BEE99F4214F67230AF2A2E456F0F07C22791468F488D6FDCBE6FE168E1AB
                                                                                                  SHA-512:1EE9467379AA7074F1F9B14B44A739E50C650DF79EF17B76F4467A56A3D6A2AD2BE224EDE16331895B047EDE102DEB4E4F3D4A4DCB10A215C47F8D5362B492B8
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}Y=.98S.98S.98S.?...88S.?.Q.88S.Rich98S.................PE..L...jZ............"!...&.....v......................................................].....@.......................................... ..8s...........x..PP..............T............................................................................text...P...........................@..@.rsrc...8s... ...t..................@..@....jZ..........T...l...l.......jZ..........l...............jZ..........$...,...,...........................RSDS....=?..ZNf........D:\a\_work\1\s\binaries\x86ret\bin\i386\\MFC140CHT.i386.pdb.........T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... ..p....rsrc$01....p1...a...rsrc$02.... .......=?..ZNf.....,E..(..+*.JjZ..........................................................................................................................................................
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):79840
                                                                                                  Entropy (8bit):4.98555855763647
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:fVPidQr0UZqnn0BDVnPS6VFaGCWKZ+e0petNSaBhp0vcsjsr8gWb8C1dCuf9TmdV:fVidQr0UZqnnSVnPS6VFaGCWKZX0Whpz
                                                                                                  MD5:AF28BE398C058FF622DFBDFB0925DFB4
                                                                                                  SHA1:E92A9588DF07463A4D1E9AB72AC5FE7D4A12B139
                                                                                                  SHA-256:91E58759C63DFD325C38B25C44395333FFEE3010A19FD43CF0B3A37706180B1F
                                                                                                  SHA-512:6745745B8905E76438012C5C28A149AA5A406B32C07E0E9961B8C54D32768C47FF3521AAED7F0A7D9CBA70835FFA579A98D91D4CE2BD5C6593E30A3733ADAE7C
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}Y=.98S.98S.98S.?...88S.?.Q.88S.Rich98S.................PE..L....U.........."!...&..................................................................@.......................................... ..0................O..............T............................................................................text...P...........................@..@.rsrc...0.... ......................@..@.....U........T...l...l........U........l................U........$...,...,...........................RSDS........e3.L.....D:\a\_work\1\s\binaries\x86ret\bin\i386\\MFC140DEU.i386.pdb.........T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... ..p....rsrc$01....p1.......rsrc$02.... ...........e3.L...".u........U........................................................................................................................................................
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):70224
                                                                                                  Entropy (8bit):5.147993943292643
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:MV9zfyEBAuhPLNXf/nWHNfdzd+zLZKzyF:Q9zlBhZxXf/nWHNdAok
                                                                                                  MD5:DADB101E49A2CD1F0451AA7762D4B83C
                                                                                                  SHA1:E2DDB718652E3276244F16BE562E07925ED2623A
                                                                                                  SHA-256:5EE1FE1A80A2294DB5719502D1E089B0B18AB202B617157D114039789A9A396E
                                                                                                  SHA-512:C16B9B52B0CB1A0CB127D040681A0381236121BA33EB2DA3AD728109EA79C0B335CAF8FB7912AF050409D0FB5690C959C9113EF26E98FBEA4E9C5BD1173AC8AA
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}Y=.98S.98S.98S.?...88S.?.Q.88S.Rich98S.................PE..L................."!...&.............................................................^....@.......................................... ..................PP..............T............................................................................text...P...........................@..@.rsrc........ ......................@..@................T...l...l...................l...........................$...,...,...........................RSDS\..V....4O(...n.....D:\a\_work\1\s\binaries\x86ret\bin\i386\\MFC140ENU.i386.pdb.........T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... ..p....rsrc$01....p1..0....rsrc$02.... ...\..V....4O(...n.....d.,t.t..............................................................................................................................................................
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):78816
                                                                                                  Entropy (8bit):4.965207644229018
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:rwq6Wv6B/iKuFm3OKWxRZ/Isd6z0ZjUzP:rwyyB/+HIssIUb
                                                                                                  MD5:808433A96FD0473B48EE41807E83080B
                                                                                                  SHA1:36B08BA26CCBFDE65C45BD7E145E29EA92B9FC5C
                                                                                                  SHA-256:A9279F19BF76416A7A2BFD9C0642D8652BC55151E0D7467F173470BFD0275CC0
                                                                                                  SHA-512:4508E24519258188F5A4370C980D6F79EE185A20C7CA2180E1DB48A86A1B93CB50B6652080B613EF81D443806756BFEA994746704B6B053A501F4BCD2BE10D8D
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}Y=.98S.98S.98S.?...88S.?.Q.88S.Rich98S.................PE..L......M.........."!...&............................................................-.....@.......................................... ...................O..............T............................................................................text...P...........................@..@.rsrc........ ......................@..@.......M........T...l...l..........M........l..................M........$...,...,...........................RSDS.....m|.. ..y......D:\a\_work\1\s\binaries\x86ret\bin\i386\\MFC140ESN.i386.pdb.........T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... ..p....rsrc$01....p1..`....rsrc$02.... ........m|.. ..y..4./.t}/.gQM...M........................................................................................................................................................
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):79976
                                                                                                  Entropy (8bit):4.976328786867478
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:U26iNYajZELogYFmNRYxAaTafCp5eQYZmZUjyyyyyyyyyyyyyyyUGQFUbWTVNeRr:UNuqLog6A2SCHu0j6Zz4AOz5j
                                                                                                  MD5:436171AEF87B307673BCDCB7202DBE97
                                                                                                  SHA1:5E9098546ADBE10C7CED411A64C18343F7280F0E
                                                                                                  SHA-256:7013BF84EDD1B99B705A2FC9FBF78314C9A029EDB77C097F290116C6EC40AD6D
                                                                                                  SHA-512:E0B9D8EAD571175627A02295C1E18B405F75D4F828F5CAC53F7FAE731C438034201B335FEB3B8346C20C55CBAA308E3A1118A0D5BA655F6B83B53E7A1316006C
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}Y=.98S.98S.98S.?...88S.?.Q.88S.Rich98S.................PE..L....b............"!...&.............................................................U....@.......................................... ..x...............hP..............T............................................................................text...P...........................@..@.rsrc...x.... ......................@..@.....b..........T...l...l........b..........l................b..........$...,...,...........................RSDS...~[......P......D:\a\_work\1\s\binaries\x86ret\bin\i386\\MFC140FRA.i386.pdb.........T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... ..p....rsrc$01....p1.......rsrc$02.... ......~[......P.........`.e$.b..........................................................................................................................................................
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):77936
                                                                                                  Entropy (8bit):4.97984716808543
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:pRE6XaCyqbK15MyBwgDGxNIlW3jSCQQQjeqS1hDDg1UWTVaxUr9zJzQAU1R9zZl:pnass5MyBwgSxNIlW3GoiTLBzaAQzX
                                                                                                  MD5:EC1A565CC69D83ADD23FE170CF151438
                                                                                                  SHA1:81C76303AEF42002359DBB6F85CDD9CD71E1AD87
                                                                                                  SHA-256:46DD968B20EE4AF1DF54DF26EE71CA4E22FEC3A08A50891FFC9041440AB3B47B
                                                                                                  SHA-512:E025AD07AB96263EE0F99EF6337625F6609AF41AF62BB99DA90528533894C74D6F3DB3ED3870A0E72CED50A156428F01ED2101A6A1E9039D924DDC437CA6ED17
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):58848
                                                                                                  Entropy (8bit):6.147967055664089
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:banVn/5vfJxsr10/eu9RHreld+Q9zw8GYgElp69zO:enp/5rgun8dzzwBYZIzO
                                                                                                  MD5:73E3D2A7CBA6E84F612D7F3983DA672A
                                                                                                  SHA1:F53319BD699998E2267FD0782BD48F187151FFFA
                                                                                                  SHA-256:14321F9C9BA3C2C86CE1AA59D9FD6C9768093384C14DA61F74CE1BA1B85CFBCB
                                                                                                  SHA-512:AE15BFBAB4AFE8D944003DD394A3B12631EA637BCBAF31D50EAF49B246851EEA644ADA90C0F6DE4B62FA24AD0F82F856A0AF32FA5A0D22C95D1C5230EF7C775E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):58368
                                                                                                  Entropy (8bit):6.266737380122467
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:tTQO54LQTNn6UaHqNA3B2I7CvqFxURN9zalAzT1R9zZ5/:tr51TNnQqNAx2I7CvqURvzalAzRzT
                                                                                                  MD5:5BE605895182F3D21CAE9F57747AC7AB
                                                                                                  SHA1:72BF3A00F28A6EB5755A09C80AE06BC69F61EBDC
                                                                                                  SHA-256:7A9B45A779C411F4CD46C91EBE45271D814DDE2F7678B694A8364B11E571EE1D
                                                                                                  SHA-512:F7FE5A3684C541E2AF9979716EC8C9068ED8B656B14BC9B689B2BB639E48355ED4002F1F2BD2A4EC160D9B36AA0E35785831AB624FE3C0FFA54E720F955F103D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):75856
                                                                                                  Entropy (8bit):5.5033560387700735
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:Ov/gFXOvKRiqNWTMHVhtZgFckD9nd/Hq9zn9gElIq9znT6:k6XOvKzhTWFd+zn9ZpznT6
                                                                                                  MD5:A0A589DDE7A2A4FA6097323175FA70F7
                                                                                                  SHA1:E8F3FF09F4F08CEFF009658E7AF2D7ABFDF5DDC0
                                                                                                  SHA-256:7EF466D7D1803DEB0F63E021F58A780385DFAC3F3C286EE2C1E6DBFC5D54A424
                                                                                                  SHA-512:8C921A033C4D3B6874E0C270E2D46154BDF4083087FF179F9750A07E7E7839889A858BB453C39817F72F557F3A50A3AAB753DCA9F17E272A892F49782387A9B6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4869496
                                                                                                  Entropy (8bit):7.023063738664024
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:2Wb8RxUQ2gvGuxzgCkTVlzrrqkijR2e4FLOAkGkzdnEVomFHKnPLzr2:2WyTVeT7qkijRr4FLOyomFHKnPLu
                                                                                                  MD5:EC9829B23C2E5A7029AC2F9F81924EFA
                                                                                                  SHA1:9B7400EE4282E4655C0CD5F54C41D3AE14095434
                                                                                                  SHA-256:28EB2E4DE14C90B303E13EAFF2E65A4D57E4F5E220BD34CEB858D745A02BDF94
                                                                                                  SHA-512:7B2831CA2CDE03F3F12240AE5F18386BBC1D6DA2B66A550515800E8A1947BC64F077EAF498E63CC3E1CAF39986CFEEB886F43562C0D451D8C54C196F4AF58662
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):86640
                                                                                                  Entropy (8bit):6.569726153977617
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:JcYmVfpuBFaiCtECS1sZu/QCWhD1vzvrAlzv:JQpqCiCS1slCWhpL+7
                                                                                                  MD5:ABF14CC1A720FF3968911F6FD2E6DD7E
                                                                                                  SHA1:175ADE2E220DE9BF6C1595F9FF4A1E910F9B8C99
                                                                                                  SHA-256:B6C3F35ABC2ED9B44CAEFEF8846A26C05D10B3619E298625B4D7891B16D8A539
                                                                                                  SHA-512:AF0C6BEB089365A19181B27AA6C45656F409AFC36E1C76DCDB74DFDE70DFA75C8AD66442C4F94482A0BEBE96CCA4297E58FAABE2E92B77CEF77BBB1A1C538AAE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):86608
                                                                                                  Entropy (8bit):6.568249206613143
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:3iZ6VSS6bn0raxMki1sZu1gVrKZduzqFyZ2z2:3onY9ki1stVrKZEGli
                                                                                                  MD5:F0CE2D4BE2A728B2767E3F5100DDE8CA
                                                                                                  SHA1:124CFABF98D386F47E3D73EBDD4960DFF8B20864
                                                                                                  SHA-256:EEA420619FBDCA1468DFA825E832BA14A21DC0402EBE90E75DDF3903DF4B8C61
                                                                                                  SHA-512:67543A966A31163D78C23BE4B83300F211A23F3B0DB61A6E3707F6106FEC0462C67D1898C8D086A1B7A59F89A0E089140AB163B666A21E9A7311DD0C5F856D7F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):446840
                                                                                                  Entropy (8bit):6.690279428020546
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:5mtyWf0sTWRzbpT/tD5YpsGx30h7whUgiW6QR7t5s03Ooc8dHkC2es98R:A0HsTWRzbp5D5YpsM3A7v03Ooc8dHkCh
                                                                                                  MD5:C766CA0482DFE588576074B9ED467E38
                                                                                                  SHA1:5AC975CCCE81399218AB0DD27A3EFFC5B702005E
                                                                                                  SHA-256:85AA8C8AB4CBF1FF9AE5C7BDE1BF6DA2E18A570E36E2D870B88536B8658C5BA8
                                                                                                  SHA-512:EE36BC949D627B06F11725117D568F9CF1A4D345A939D9B4C46040E96C84159FA741637EF3D73ED2D01DF988DE59A573C3574308731402EB52BAE2329D7BDDAC
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):33360
                                                                                                  Entropy (8bit):6.931135692044243
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:w+hOcIndhnQsmJ1jmH/XWci5gWk2CSt+e/p35DNR9z463q465yEFHRN7R5DNR9z9:wJ9nQLqHuVdl39zTh6gEl39zTp
                                                                                                  MD5:B262A68778D6117D77DFD88A7F43CA44
                                                                                                  SHA1:839DE1D7BCFB4D91736707194B5F94BFF9285AFC
                                                                                                  SHA-256:A7ED4A417F0C50578F2CA2C5106004DD82F78DD3658A852B37147FC362716667
                                                                                                  SHA-512:4F417D12A86D19773D47BDD50D97BF975EADDF1DBBDFF72EA6EA9BA164E47503CD4BB4FFD9C308567EC1CE0A23C024C24BD8647AAFB68CEC4F747CE668296E28
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):250880
                                                                                                  Entropy (8bit):6.801697899047771
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:ah2CMuxNalcGGC4hrQ1U5AE8EmQiqnwTW1KgR5MIKnxWVE7r:uxNAcGL4pQ65rBnwTW1KC5cnxWm
                                                                                                  MD5:60BF20C3CC7A98169465CD85EE833D67
                                                                                                  SHA1:D562FD487CDBA1EEBAD05D39DF4E143ACD9A50F1
                                                                                                  SHA-256:3EEE52D6389E9F12FA38F71247656C414BA675A96F7FA9987ED598F5963711DB
                                                                                                  SHA-512:D7A7859A86EECAADFDF6F5001595A331F5FDEC16112C5B9B6A314EB55C9EF49966A74F45E4EAA9912B0F2FD76E867C2AAAD4698B396989EB6532AFE53E4E8F67
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):46672
                                                                                                  Entropy (8bit):6.857457630149837
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:a5iIy2dzHxsLj8OVUkKJoc7dvfq9znggEl8ULq9znrd:a5iIyYbxk8OakKJoc7dvuzngZ8Lznp
                                                                                                  MD5:C1FF4738F68A0570720F695B5A4837B9
                                                                                                  SHA1:C7BA41BA8049409D2EA5A3B4DABC2499837CD60F
                                                                                                  SHA-256:1B940CE6E0791B41538F475FF97FCD04156C2CAB924557199B57736D7EA510D5
                                                                                                  SHA-512:EDB1FD8EFB8B45474F43472A88A404329C0E756E1EFD9F3FB1EF2C800CDF64BA705CC7A339650CF0E2978E8D38FE42A16CCC86FAAF6630986E3E2E01BB03E632
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30288
                                                                                                  Entropy (8bit):6.991930067735414
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:VWTrbNQJMjsOkWiYEWDeiCSt+ewnR9zxqSQBT35yEFHRN7HR9zxqSV/nkh:VWbNQv6rdy9zYSo3gElx9zYSVvq
                                                                                                  MD5:D90414F90993F195846C25140D47566B
                                                                                                  SHA1:3D3EF684D63BC62EEF8CBE09EAF0EE88159FC17C
                                                                                                  SHA-256:AF5645D93635823702F00E12C0C8D68EEA5D2F20EDCEBFDCF5E076E50A9CB64A
                                                                                                  SHA-512:BD4D3E4681D766449F743A924783154A5916A85FFB72F2F0EF43EBBF8380869D58CED6F56E31534F8B70FEBD4EF5DE47A9B1760478966C5D26ACCD7173FDE45F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):364656
                                                                                                  Entropy (8bit):6.4963913214508
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:ZJLdt44yPF7HBSdUVygY8uPqpOhzuFnAJvoFvw:TeN7o6yTWOJuFnNFvw
                                                                                                  MD5:6FAC04851CDA0F5F63714F3BDB7B17B8
                                                                                                  SHA1:FF48AA1E6F53C21966AA55219C9BB168139599BF
                                                                                                  SHA-256:8C94D1F200CCFA079EDD1993BDD355BC994F19D7889E46EB2D87B547BBE17AC9
                                                                                                  SHA-512:8B182D6CC1C8E1B165CA1A06019244F3FEBCA47E47FFDE59DAFC44FE48D01915E845BB9ED0F445A40BAB634400BAB78FEA9521FC42CA9F30FF996E6AF673A6DE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):285296
                                                                                                  Entropy (8bit):6.61257647545177
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:Y4LZVoJFIIJcwnb1ykRyfSEmUAAvUT0yTWu1BhbkoOOd4+5Yd74mMHheB22zaSCL:NoJFBnZYDmL0yKu1BNWOf5YdvG4C
                                                                                                  MD5:934C75ADFF9036378FD34F526C6641A1
                                                                                                  SHA1:0B9572EBE4FC49EF2DEF824327EFCAF9C9B90DAF
                                                                                                  SHA-256:B4652ED190EEBF59D4CA8BB340CADFBCFBB7A32ABB893D57AC49B1F22CFA0861
                                                                                                  SHA-512:A00B1BF0F10437A680C332E2FCE287C194B3CF666E985ACF047CEBE755596B15F99BAD5252B6A2244AE8805E24218ACA2A898E63C28CCF515D75232410ADD6E2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):161904
                                                                                                  Entropy (8bit):6.7450593736078766
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:g0c+RUE/Uz4jUuLIptDF96mTQtG+lyRTXFhep/DGhUDw:+wG+0RzO/DGP
                                                                                                  MD5:1BB877A36D2FCF866A79433D318A38C7
                                                                                                  SHA1:ADF05679B78D0B15342CDFB4B5FA03C6FD7A140B
                                                                                                  SHA-256:2FA5C0FA42036A1891A4824C41842869820BA6251D9BA39631B2F41636CC474F
                                                                                                  SHA-512:B89BBCEBF968FD8D8038C4D61664ABF0AEDA77D15C1E8DD7083347272A1BBB22178A5DC6EFC20D428A38A7625B702C9BEE922A10C3BDE3F20A2DD043506152EF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):91104
                                                                                                  Entropy (8bit):6.919609919273454
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:wd5wd+ywOpmlhcsrG4ckZEzH3qDLItnTwfVkC2KecbGJ13yd+zTNFZFzK:wdJywOpmlPrHI6D+nTwvlecbG/3y8XG
                                                                                                  MD5:9C133B18FA9ED96E1AEB2DA66E4A4F2B
                                                                                                  SHA1:238D34DBD80501B580587E330D4405505D5E80F2
                                                                                                  SHA-256:C7D9DFDDBE68CF7C6F0B595690E31A26DF4780F465D2B90B5F400F2D8D788512
                                                                                                  SHA-512:D2D588F9940E7E623022ADEBEBDC5AF68421A8C1024177189D11DF45481D7BFED16400958E67454C84BA97F0020DA559A8DAE2EC41950DC07E629B0FD4752E2F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):35920
                                                                                                  Entropy (8bit):6.96589440050578
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:1k6tklA61tBe+rbJAGj9JYWrg+WsfCSt+exaqR9zxqSnBKjeRD5yEFHRN75mQR9b:7km+XUMfdjaG9zYSaiDgElQs9zYSx
                                                                                                  MD5:888FB15A3D5B671D0557B2D25A7EA1E7
                                                                                                  SHA1:8F7FC210E96CB8BF5F4902B87495D6D9903A3E45
                                                                                                  SHA-256:0ADC89F01F9719C26A1A6176690C2CA8E5E1FF8339A4B140E4260BA3D6AE78A6
                                                                                                  SHA-512:E17CB660575A1B76637B50B63279BE2DFCF8B96E425E5572B73EF191497B0308408FDD6BF3D7849C52978E22C1763F05569774C4A6C8147ADB520B45360DFF63
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe
                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9931880
                                                                                                  Entropy (8bit):7.909536392549001
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:196608:9fJ6RWWSJ87TfrjX58D2LcB4VcVSAqeXhIUbEule1mJl4XbFrD:1J6RWf8PPJ8gzV7iYxmnyv
                                                                                                  MD5:C2626794E09A2197C5AC2FECC2F611A2
                                                                                                  SHA1:E1EC4AE41BBBA62DE63CEBEBD4B37DCED421E789
                                                                                                  SHA-256:64B255D3C9C3E0C244FF26A70351D873231495EB102DC6154C8BC9EA205B292A
                                                                                                  SHA-512:70609E6D758EAE7FE552AE609AA3894465D11EB7B0BD171BC74CC41FD41CF8C31B2B80A8D5A1B91942142B9C8B16F05796C68D0EE8E907BAC1BF2179950ED6DF
                                                                                                  Malicious:true
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):21
                                                                                                  Entropy (8bit):3.041625614369223
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:1HZqRZT:5ERZT
                                                                                                  MD5:2033150B837C1E4FBA4C4D2A0E7040F2
                                                                                                  SHA1:5BACD60F7ACDAB34B10034572F927A2520998A56
                                                                                                  SHA-256:DB37A6F78ADD08326F209EB7CFD7B6182060247151C14F86EF0E2E67CF885A65
                                                                                                  SHA-512:21D9814A7815DBA23C5859C92C174A8B730436523151F7A44E456B790432DD2D9DF7497240285635CA89304FA699DE4DD4343884202783261ACB00C1BAD5D40F
                                                                                                  Malicious:false
                                                                                                  Preview:mmm_mrk_ppi_004_408_v
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4144536
                                                                                                  Entropy (8bit):6.480077040893753
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:U1eHuVwaMIqgsX4NhynLNQ+ZV48cQv9L6fx0vSYtpDKbrqNKabsFbFfsur:UlwYsXFLNQ+rfvRAmvSzrqNmhEur
                                                                                                  MD5:110089114750B59CDB11577A55847B4A
                                                                                                  SHA1:16FB4E9CCC686CC172B33FEF2FF80761F752B0CC
                                                                                                  SHA-256:E3F9EB4243A735283FB32FD6FC0E3A37B0B761C56E913198ED4B5ED81F9CC122
                                                                                                  SHA-512:856BAB9247F39B6A11A632B2982FC9AE50BBB2722173DCE02D47EBA15902AFD10D874F63322BEF83EE110258C436D74C3808B8A310BF6C13456CCED111DD0483
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18996632
                                                                                                  Entropy (8bit):6.45256219394282
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:393216:cNt2C8N8H3T/7npaXLD+cCNQAr0EB8Gf47KFKIn0t9yZ3KQuIA04vClrQkpA1:cNtdfps+jNQ1In0tgZcJ
                                                                                                  MD5:4A69DE3D8443601E0C071E7411927341
                                                                                                  SHA1:CFDA80F102BCFAEC76ECAF323BBE0E66774195AB
                                                                                                  SHA-256:2911C58615F9BDDC1447FB33F8567087ABD02A3AB0E96091E61A20934C9F508E
                                                                                                  SHA-512:76CB66EB5A1F33901BD28414522E3763BF86795D23EDD33FD5665057054B710022BF5332B9E3F770D8724F63447C6556DDEBFD771AE60F978722B40E35C1A207
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3815368
                                                                                                  Entropy (8bit):6.4441562258351865
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:tqMmzMrD6dm4oo/l54/rWL4NqV0J9V51PZEdses5YG/a2ON4vlrtehtNtQ+b4yTO:lmoPoNLQdekYGC2S44s
                                                                                                  MD5:7342A3F59C64B20E80DE29EB49D99389
                                                                                                  SHA1:325FDFA1C71A1F0E78B5DDE05359FDBA4BE6C0E9
                                                                                                  SHA-256:91BC0AF21E485BF52FEED853AF7A761F2F17FA0D64FBD0D7869A394B49DBA784
                                                                                                  SHA-512:490979636B7475F20106B5EB3A32B12D1EF78A95E652695FFF933A4AA2F49F8A57CEC6C5161E6A4A1101C148F813A7BD8D4BCC2B0BDBAC0196154ADFFC611E21
                                                                                                  Malicious:true
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):336
                                                                                                  Entropy (8bit):3.2523664094525224
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:QoEJi2YA4mloiI9iIZiAD2JdiAD2/2iGb0iboiaYoiapJ62iT:Qo1wZ/yabFbcxqX
                                                                                                  MD5:42C91F9498BC7F1032ECBEEEBE1F45FF
                                                                                                  SHA1:ABB0C1682EFB109F6B6B9460B05ABFB36EF605CB
                                                                                                  SHA-256:C16F19366C08C1D5F4FB631B3DF5335D4223518BFFF9268741D5CB4636988C20
                                                                                                  SHA-512:BA0FE663F950CB6BEDB70576047ECAD71F2BC2C68D9ABB5B8A43AC0C41C7FA27BEC560F9E20E7F1E9BC810F534B8B72D804BBB76B9BA04337D5680FAC1601A2B
                                                                                                  Malicious:false
                                                                                                  Preview:......[.C.o.m.p.o.n.e.n.t.s.].....a.v.b.u.g.r.e.p.o.r.t._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.6.4._.a.i.s.=.6.....a.v.d.u.m.p._.x.8.6._.a.i.s.=.6.....i.n.s.t.c.o.n.t._.x.6.4._.a.i.s.=.6.....i.n.s.t.u.p._.x.6.4._.a.i.s.=.6.....o.f.f.e.r.t.o.o.l._.x.6.4._.a.i.s.=.6.....s.b.r._.x.6.4._.a.i.s.=.6.....s.e.t.g.u.i._.x.6.4._.a.i.s.=.6.....
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):336
                                                                                                  Entropy (8bit):3.2523664094525224
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:QoEJi2YA4mloiI9iIZiAD2JdiAD2/2iGb0iboiaYoiapJ62iT:Qo1wZ/yabFbcxqX
                                                                                                  MD5:42C91F9498BC7F1032ECBEEEBE1F45FF
                                                                                                  SHA1:ABB0C1682EFB109F6B6B9460B05ABFB36EF605CB
                                                                                                  SHA-256:C16F19366C08C1D5F4FB631B3DF5335D4223518BFFF9268741D5CB4636988C20
                                                                                                  SHA-512:BA0FE663F950CB6BEDB70576047ECAD71F2BC2C68D9ABB5B8A43AC0C41C7FA27BEC560F9E20E7F1E9BC810F534B8B72D804BBB76B9BA04337D5680FAC1601A2B
                                                                                                  Malicious:false
                                                                                                  Preview:[Components]..avbugreport_x64_ais=6..avdump_x64_ais=6..avdump_x86_ais=6..instcont_x64_ais=6..instup_x64_ais=6..offertool_x64_ais=6..sbr_x64_ais=6..setgui_x64_ais=6..
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (623), with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):857
                                                                                                  Entropy (8bit):5.117542640776252
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:tm7SYDEIYaG0pTWcNAxzwhI2yQNEIF3U3AjqmZnvdKrTOhNArloiKFeKiZpM1R1p:yEtaG0oPza2SF3McqSvA/lTKFeLgxl2O
                                                                                                  MD5:0CC1FE2F0275354C81218560AB6F74D9
                                                                                                  SHA1:E48CE01E5175C524F4FF0C6B58E26CF048A0FB88
                                                                                                  SHA-256:1542F42914BFDD7BDF02448FF8F3AE885DE0D01D4B88C89DA77F19AF0ACFC516
                                                                                                  SHA-512:31CD01D82357DF288D943F677D645055DF5D30A19918340DA1239FF221202D10976A1D18D0D90D3E996DAABDB22DF177E9790F9FEA4EF86E9580733C5E791FF6
                                                                                                  Malicious:false
                                                                                                  Preview:...[Shepherd]..ABTests=9c39bb00-0319-40bf-b991-5c9ed9d0a85b:C,oa-7466-v0:a,oa-7820-v0-fake-blatny:a..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ppi_free_release-20-percent-userbase_version-18.6-and-higher_production_product-version-older-than-24.4_quic-sni-block-release_v2017_hns-pre-scan-enabled-countries_noomnianda1_not-avast-one_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_production-new-installs_versions-older-than-23.1_old-smartscan_ispublicrelease_usa_ipm_6513_open_ui_c_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-40996f7022cbdf0c8f1e1fe3ebcfef865e1f6a2cac3095ff4c7cc5a3c3837846..ConfigVersion=5072..LastUpdate=1723631118..NextUpdate=1723709576..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:Generic INItialization configuration [BreachGuard]
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30922
                                                                                                  Entropy (8bit):5.880660331605589
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:D7ob0hjbpPbNHtHBV2gzJigCNTPUdoBDsKrf1OfsXhxvFr7qz9PSEhlfQXCcIIq/:YbWZbXHbJihMd9KrdBxJcdfJIqoxTtZQ
                                                                                                  MD5:635231AD520A1827CB1BC7D072E122A9
                                                                                                  SHA1:1240A69D1DF8929EE57F4507523890296D7E6200
                                                                                                  SHA-256:C68DA7C80A8746791EBD37A083D1F3E58171CA1C12AD05C3878F9968D2CE4DB5
                                                                                                  SHA-512:4AA738135837CADA933F41DD5C48030DF74AFDCFB21663B6FA982E4C5F050CD28CD3F58B9B5780ED0BD8EC7F23A6BA0D38EC3DCFBD36D6469A428F47EC578E1D
                                                                                                  Malicious:false
                                                                                                  Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=0..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_safeprice=0..ais_cmp_sfzone=0..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATBlockQuic=0..ATInject
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4964248
                                                                                                  Entropy (8bit):6.517582770381701
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:jMLjH9ldRFPRFauDHxYDZ8kTNKXbXaSmCrUn5BhQFGdY1wjU13fJWdgLeYiWVIGe:gDHqZ8qS9rUnzh6uOTn3S1iuyKdn
                                                                                                  MD5:5964E72271AD63668EA7652710E54400
                                                                                                  SHA1:8B075ADF2CE5D9165C3E7B808507E35CC1238390
                                                                                                  SHA-256:025B20F7E0313A8EA3F4123099A4D921E7532ECFA493F14A9240437A02A7A24A
                                                                                                  SHA-512:74EF5CC269E044D39F3706A3B0FE19397190036382E77F5220F1E613E266583C1E4FC701E2463375CA773D99C273B870F923F210B46CEB4FF6051315F7B5E5B0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3465624
                                                                                                  Entropy (8bit):6.473650574760095
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:lgq/GQteGPBaCJro7l2iqUqZ+0sqxe7jccyRjMYBSQkhteKJtMtEJ+h1cjy0kJSo:lZOUaJd001Y090
                                                                                                  MD5:A91D4AD0F091E237F39FAA88049716F9
                                                                                                  SHA1:874D461A8217ACB500ADBECD97400F01C30F9C62
                                                                                                  SHA-256:365F89460C8956420BCA74C3B42E637F24DCCD5A4B667C9185D7484E4403BC3D
                                                                                                  SHA-512:1C50106BC4CDC0A2663893A0646F5CC899F3BB9142468974C6A7663CAFA5DF0789994AFA5E7C8AF74875FAC04FADAAC45F8FE5556DD874BC51F0DC53AEC28C83
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3214232
                                                                                                  Entropy (8bit):6.600410343537519
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:f4cQTXDRiHJdRjAeQsl+jf1SXdAQ5YBtxByzTDGx8bc+lrt+BtNthDvHczx+0nSJ:f4TDsHJdRwsCAAQ5YBvByzTD+8b7Tw9
                                                                                                  MD5:4F30E27D0CCE4CFB1E492843C6A3E971
                                                                                                  SHA1:0C5006FDBA022F90EC94E0D8FC32281E40069766
                                                                                                  SHA-256:A6D27EF7D7C9DC32E562BA143A2FE8FCC2EBDEAD0171B511A517ABEAD2599DCE
                                                                                                  SHA-512:D575DDA05D9972914401EC2E40136A20F1F98B55D5125F5CDE706396C44A0466684C64FC173033C3E4D4E8F079BACF682AF99BE7E733CA4E4B3120439C7B23A0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:Generic INItialization configuration [BreachGuard]
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30302
                                                                                                  Entropy (8bit):5.882248833927378
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:DqiC0hjbpPbNHtHNV2gzJigCGTUoBDsvrZ1ONsXhxvFr7qz9rMmlfQXUcSbqoCsE:HCWZbXHvJiIU9vrrbxJcdMobqoptPK
                                                                                                  MD5:FCF68190FC0BA5391E263B655517AAA8
                                                                                                  SHA1:C608BD9ACBDE6EC96919A29D46BC1C14A27B731E
                                                                                                  SHA-256:16C38A08F2CA7DEAE058EE282251E0D9E35CD6796B7329EBA3E17C7131663F62
                                                                                                  SHA-512:AD991386BC68DDA87F3401A7B7321323D81D04A6D1DEA0B1BA221AA4A4ACD2BC088185B4EE07DB1BD572713C516D93F4F931EFFE91E78EF2AC3047A4985C2886
                                                                                                  Malicious:false
                                                                                                  Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_bpc=0..ais_cmp_fw=2..ais_cmp_sfzone=0..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATBlockQuic=0..ATInjectJavascript=0..ATSkippedDomains=whatsapp.
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10422
                                                                                                  Entropy (8bit):7.980981647589329
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:xElGweGF9LcjU4/ZM9cTek5WZce1qBIEOy9WTw7B6EgpAo+WxlxMTeZ:xEYpGFhWjZM9cTekwZce1qcy9WTmvg5l
                                                                                                  MD5:919B56C1B1CD90C6E572DC035C1D1540
                                                                                                  SHA1:FC3769865F0706A86F93A2C392F2BCC6E7756BED
                                                                                                  SHA-256:0C0CAF852743BA70B5770B1DA8BFAF5D8076AD88BB46F90FD909769294F1341F
                                                                                                  SHA-512:D2A8D4531B24A4AAEF6F7D076D0E45A46B39009DA591DFF4509EFCD10017C14B086965A95228F451FBFD91E6DDCAA35B55B143E040F35EB1B868F06283647DD3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):21
                                                                                                  Entropy (8bit):3.041625614369223
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:1HZqRZT:5ERZT
                                                                                                  MD5:2033150B837C1E4FBA4C4D2A0E7040F2
                                                                                                  SHA1:5BACD60F7ACDAB34B10034572F927A2520998A56
                                                                                                  SHA-256:DB37A6F78ADD08326F209EB7CFD7B6182060247151C14F86EF0E2E67CF885A65
                                                                                                  SHA-512:21D9814A7815DBA23C5859C92C174A8B730436523151F7A44E456B790432DD2D9DF7497240285635CA89304FA699DE4DD4343884202783261ACB00C1BAD5D40F
                                                                                                  Malicious:false
                                                                                                  Preview:mmm_mrk_ppi_004_408_v
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3815368
                                                                                                  Entropy (8bit):6.4441562258351865
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:tqMmzMrD6dm4oo/l54/rWL4NqV0J9V51PZEdses5YG/a2ON4vlrtehtNtQ+b4yTO:lmoPoNLQdekYGC2S44s
                                                                                                  MD5:7342A3F59C64B20E80DE29EB49D99389
                                                                                                  SHA1:325FDFA1C71A1F0E78B5DDE05359FDBA4BE6C0E9
                                                                                                  SHA-256:91BC0AF21E485BF52FEED853AF7A761F2F17FA0D64FBD0D7869A394B49DBA784
                                                                                                  SHA-512:490979636B7475F20106B5EB3A32B12D1EF78A95E652695FFF933A4AA2F49F8A57CEC6C5161E6A4A1101C148F813A7BD8D4BCC2B0BDBAC0196154ADFFC611E21
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18996632
                                                                                                  Entropy (8bit):6.45256219394282
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:393216:cNt2C8N8H3T/7npaXLD+cCNQAr0EB8Gf47KFKIn0t9yZ3KQuIA04vClrQkpA1:cNtdfps+jNQ1In0tgZcJ
                                                                                                  MD5:4A69DE3D8443601E0C071E7411927341
                                                                                                  SHA1:CFDA80F102BCFAEC76ECAF323BBE0E66774195AB
                                                                                                  SHA-256:2911C58615F9BDDC1447FB33F8567087ABD02A3AB0E96091E61A20934C9F508E
                                                                                                  SHA-512:76CB66EB5A1F33901BD28414522E3763BF86795D23EDD33FD5665057054B710022BF5332B9E3F770D8724F63447C6556DDEBFD771AE60F978722B40E35C1A207
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):704
                                                                                                  Entropy (8bit):7.650356271647679
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:mYUwhjgXRMmf0gTxSiy+xlvUYQwctUznrWRAxnlccNbea98AL+FIln:gwjg7P97xlvUYNctsrvfpf98ALhln
                                                                                                  MD5:F86F404DB4551F2B29007E8353842A9D
                                                                                                  SHA1:8D504C2369CE54DFA38E04E0C52AD35263A6ECD2
                                                                                                  SHA-256:D02A702AEF6DE2BB6EDD3938A4F85EC493B84AB5E187D60E3804727449258F01
                                                                                                  SHA-512:378044B5E22EA128832C5342BE3A03D360D2C4AF7461BF5C508E50018CB26F02C3FB3C89E99BACFE5898BF652B176878DD80182C23655B4E0A042190DF1FF6BB
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):76581
                                                                                                  Entropy (8bit):7.997917940613098
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:1536:3sSG4ZtxsLqmBZll3q85iBvI1nHAg9OfT7kyZ/zFV5ktJJucAO4qfl0wRc:3sr4ZtSLqmB5anAifTIEWJ54qdTc
                                                                                                  MD5:863FC6CED83C3C1D2C0F86BB13C2ECE5
                                                                                                  SHA1:997799534BB6BAD2A3F435F6F36EF80E4CCFB67C
                                                                                                  SHA-256:C2A34DA73D79E47045F9393B8647C19F76E5A65275B183688E8C86365D92EBEE
                                                                                                  SHA-512:8D9AB4380832E86F5D148ADD8D3157FBB06A1D2E639590DC0F04F5C08890A2F8F8ED72797D607E6391538CBAA8D77D50B2A2E4794A13DB5F4D0DA2909173B00B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4471
                                                                                                  Entropy (8bit):7.955804403056235
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:PcxnpvFounV+81iv29Uik3kUqeuNb3W7JiUnfggvIGEMSG7n:PcjvbVN1ALi497oagCVE5Gj
                                                                                                  MD5:800EB47562108EACE0CC37408EA5D784
                                                                                                  SHA1:B198D6F98EEA23345BD515934BA65BF75AC58FE5
                                                                                                  SHA-256:9DA22BD173FCB3EBA2DF079878C41E28616748BE45297298EB294E193F1A4833
                                                                                                  SHA-512:7DC7E9E11860A94A7415068EB68371DA484C53C2A257972E19CA747F4760C214FC39E4E4000AEBEA491C91E28A29EE968CC679590BCDF38CB9468E96FA0A49AD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12134
                                                                                                  Entropy (8bit):7.96552644828408
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:YapSPYBdXSqIwMPmsp4d/HdtKUXPAw2l2aPW+hinB3QHKpVv3HPd73gXBt8p7+81:XSPMgqIwwmJHKuAfpiBASVnt38Bt8pao
                                                                                                  MD5:A6A17FC9CFD136073E1F1D931798555A
                                                                                                  SHA1:4AE848926F9C7B2A18E75F56B88D0C714BE5AD58
                                                                                                  SHA-256:5E260B60EB5E5041CF1B657F18105EA6388835F1EBAE884DE2C78290AEA3C5B8
                                                                                                  SHA-512:EA8A4C2026BA1F989145B3DDA3B98F2E318E955923CE615451BE2552941CB7A04AF4BB4905BC2352C734F4B21F81AD375A8C24397F9D641D54402EE435875BA1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):571
                                                                                                  Entropy (8bit):7.54372468311459
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:D15yucKWU4aOi1Idy7pje6euPvgqV5WV24WwiaZ+XMO7EVMpffO82Tr/hyD+V4+/:55y2fuMwuw2U4akEYT1ZMNQjzh4tn
                                                                                                  MD5:1EDD4C0A0428F8F05DF0AD463224C839
                                                                                                  SHA1:E3345B667431361EB70EE0832AB868A11B296E94
                                                                                                  SHA-256:FA8EB5231CC8EFEFE0B9E5F3FD50B90234E46A2DD3EC8469C3E783D0F5398CF6
                                                                                                  SHA-512:329E1239B09BD0501D9FC31D93FD1B1363D3C8AF8E8EAB8FE049CF63125A8BEF6F4A169F4C9827E94A5291FD30207C298A4633D30BE5DEB8C8F9D4E4C782AAE3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):341
                                                                                                  Entropy (8bit):7.264651464368724
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:DulK/lMVt/J4Du0fqmPTHEAxihpLmLFffzbTymqbCsh8Y1v2ni/4iLpl6HA28ln:KluMD/jKTfgp2fvT1qZwnw4ij6z8ln
                                                                                                  MD5:CB735F402A40AF7524E40C985F2D6A73
                                                                                                  SHA1:448BDAD7F28FCCCB8D6CFB32902505BCA72E551D
                                                                                                  SHA-256:3DA748535868AF14439A64817A334DAF08C6C7D6F865AF5D5130E22D49A270B0
                                                                                                  SHA-512:E8F476794D40F47CA0EA2BD9162439F96377C41BFA84810F3F06E54C72EE8F8CFD268BE7725BF9ECF1FF39850E0585B8F65B08774DDBC6760AE7D2360A7BF070
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:Generic INItialization configuration [server0]
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30252
                                                                                                  Entropy (8bit):5.135643388000874
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G1A:Z9otwD4X63hwryPIBWrMYhOv+n8Z42
                                                                                                  MD5:39D82CF162F1202304841EA2FA5CAEE9
                                                                                                  SHA1:DA05B98F0ACD2C960346DB0441A58200BBFF3A83
                                                                                                  SHA-256:3121E33CFF95AAA9E5E9CA4EB4F2FFBC79954EEF840031656D8D390A64CADA53
                                                                                                  SHA-512:3575623CAEB39D78AE00F1C1246FB52C78BA265791DE58F15F53D09DE5C03B6860EEEA9F4965D08C5CCA7ABD8BA380BC5CFE59EF5F8257F91D058CDAA0F05140
                                                                                                  Malicious:false
                                                                                                  Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:Generic INItialization configuration [server0]
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30252
                                                                                                  Entropy (8bit):5.135643388000874
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G1A:Z9otwD4X63hwryPIBWrMYhOv+n8Z42
                                                                                                  MD5:39D82CF162F1202304841EA2FA5CAEE9
                                                                                                  SHA1:DA05B98F0ACD2C960346DB0441A58200BBFF3A83
                                                                                                  SHA-256:3121E33CFF95AAA9E5E9CA4EB4F2FFBC79954EEF840031656D8D390A64CADA53
                                                                                                  SHA-512:3575623CAEB39D78AE00F1C1246FB52C78BA265791DE58F15F53D09DE5C03B6860EEEA9F4965D08C5CCA7ABD8BA380BC5CFE59EF5F8257F91D058CDAA0F05140
                                                                                                  Malicious:false
                                                                                                  Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2454
                                                                                                  Entropy (8bit):7.913807789895145
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:o31oBEs2XRm52nx5ivt4+qThjoZoGhjDh9yiHPkjOaNRoLQk38Nn:Uo/ORmknx5Mt4+Go6G1V9f6OQ+QPNn
                                                                                                  MD5:61935E97073241B3694A5933DA1A010E
                                                                                                  SHA1:5412B0D796A5459F146623E67E0212F84572F17F
                                                                                                  SHA-256:631204381D7A3FBFFB56766010704B9128EA8FE7EC4854220EFFC2C5AB9A68EF
                                                                                                  SHA-512:201770B01657CB1FB5DB53A7E5B806211947FF3FFDADE5E8F0E0B9ACA53EE48CA2194169AD4E5903EDBB7360DF49811ADC0763A722F1BB28AD6249747F3C299D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):39810
                                                                                                  Entropy (8bit):4.742543551624326
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:KTvwLvecxeknOo/j6Y30bFinJ0lF98XtUWf7HouoLDSYNh3RMCgzoJ23sBxXO:jpEZbyt
                                                                                                  MD5:24B473CF564FABC3A55CEBCB8AA7A7C9
                                                                                                  SHA1:795E24A972B2FF67545E4D61B42D29059A0FA1C8
                                                                                                  SHA-256:5B561E4A1587711FA7A9D710400BA537C4D73A01AF95074B048D56F6B4131E7D
                                                                                                  SHA-512:262D84FB320899EC0C12FE217DA608CC1ED7FD662C3F75CE4913A5D6CA91B1ED264F023F186655F280131B6FAE1CBE24481A0AB6055677632A9E04A1A1DBE21B
                                                                                                  Malicious:false
                                                                                                  Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="setup" name="setup_ais" />.. </part-list>.. </product>.. </product-defs>.. <part-defs>.. <part name="setup_ais" category="fixed" type="setup" versioning="xml/24.7">.. <group-list>.. <group name="instcont_ais" />.. <group name="instup_ais" />.. <group name="setgui_ais" />.. <group name="offertool_ais" />.. <group name="avbugreport_ais" />.. <group name="avdump_x86_ais" />.. <group name="sbr_x86_ais" />.... <group name="instcont_x64_ais" />.. <group name="instup_x64_ais" />.. <group name="setgui_x64_ais" />.. <group name="offertool_x64_ais" />.. <group name="avbugreport_x64_ais" />.. <group name="avdump_x64_ais" />.. <group name="sbr_x64_ais" />.... <group name="instcont_arm64_ais" />.. <group name="instup_arm64_ais" />.. <group name="setgui_arm64_ais" />..
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):15808
                                                                                                  Entropy (8bit):7.987470222692564
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:iIa10qqAGLsJTrzIaukPX2Vxy3s9BOk4h6:r6caZPXEy3A+6
                                                                                                  MD5:534B2BAD93BB812AE191B5506AE23565
                                                                                                  SHA1:2993199DEDF4CD3C31A2BBFCF10DA1774537843F
                                                                                                  SHA-256:7A31F6F6CB37D42A0356AEB5DD2D803B6634DC6EFE1763BED59ACA6431B955AF
                                                                                                  SHA-512:8C12BE0698B769E0E11D5954474EB4F713A3D8811291FD5336DE2CB6614228944BB5EA11FEFAB345BD2AC6E00163731B542A521438464C925C051AC71BF5EDF2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30104
                                                                                                  Entropy (8bit):6.811827410763732
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:PxCUKKBcns+DZgqsQuwpYYipy6+AMxkEy59:/EsxvQ1pY7p/Mx
                                                                                                  MD5:9E2F415514D2E408661D3E71BF4A80C4
                                                                                                  SHA1:D92F4D356272B424EAC0BEECE46686093AA7DCDC
                                                                                                  SHA-256:4D4281642981C71556111DB06CABCB494669261340CCB70089B5F12A952984D7
                                                                                                  SHA-512:C8FFBFA956E0DE5262E4D5F0626B671BD1657AF2B93D389054227CDE01F71B7CD7B28F1B6ED2415B91D5A09A52D00F75BDACE7961F101337F7CC621D0A93BC5A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16868
                                                                                                  Entropy (8bit):7.988590082697058
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:RuSl0UZPyVImsdr64R4RG44EpJxFRYhx10z5u1DNpJfKvCbF:RuN+PaImsB144EzxFUEaDxJ5
                                                                                                  MD5:E7908971C7F59401CEB35DB59CBADDED
                                                                                                  SHA1:EBC24DA66BC206A8FF7BE80C7C48AD942FBB4963
                                                                                                  SHA-256:0BF0605894B5660DAF656C950606F1FCFEBC480921F1BC09C5726AF08C1D16F4
                                                                                                  SHA-512:8DCD7F7A39578AEAE46B8C014C618D4FD97F560EC3037A839C13BD60717DCFEBF7BA456C287C5A6E041C1EE717079647B63579EF4B1170F0916C67A9FB1E3D8A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10885
                                                                                                  Entropy (8bit):7.9849728990314714
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:m15M2G1kixqLDO91UKnf0DHpyeuc53fhn9esn/dVyQHBUBUNLaF:mO1kieOE8f0K2usbyakWaF
                                                                                                  MD5:48E949CC88D14AE464758D092E0A146E
                                                                                                  SHA1:4B4EEA3A10F9FA773FA06BCFBB5BD5C767FC9840
                                                                                                  SHA-256:1D7B0513CC1AD2CB00BF3713EF896F7867A3A5D2700778870108700EA3ACA833
                                                                                                  SHA-512:FCB5D7819802660C0A073415B4636375D5F93F98BDEA786230A326556355B8B63FCB96A94117BC0A42890A842BFD718A8145CB5E51B11D0A25D3936A60CB6006
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):650080
                                                                                                  Entropy (8bit):7.2212720110363735
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:fnMwHskY7gjcjhVIEhqgM7bWvcsi6aVl/IyiJGvJtg2t/JgM:vMysZgjS1hqgSC/iz1fiJGvJtxhJ
                                                                                                  MD5:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                  SHA1:41EDD6321965D48E11ECDED3852EB32E3C13848D
                                                                                                  SHA-256:D4C6F5C74BBB45C4F33D9CB7DDCE47226EA0A5AB90B8FF3F420B63A55C3F6DD2
                                                                                                  SHA-512:D85AC030EBB3BA4412E69B5693406FE87E46696CA2A926EF75B6F6438E16B0C7ED1342363098530CDCEB4DB8E50614F33F972F7995E4222313FCEF036887D0F0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18415
                                                                                                  Entropy (8bit):4.043868285184243
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:Haz4aHQbC6dBCLCNavmu6OqSPEmmVUJ9etKL5W2cBxGC4iSM0fvJ9seyryH1mqGI:2yk/RF8e7GWU2
                                                                                                  MD5:2B063D92663595DFE4781AE687A03D86
                                                                                                  SHA1:0FB582E756DBC751EA380593AC4DA27DDB4EBB06
                                                                                                  SHA-256:44C76290F7A2E45940E8338912FEB49BCF4E071CFA85D2D34762857743ACBC8D
                                                                                                  SHA-512:94C8FDA6173C7F5740F206190EDCD1F1F1C309596B710D400E23CD363A619D707A5D4576D4FE63AB7CB68947F009EFD29A1FBE04743A294698BF2AE17E92C214
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT \f1\'dc\'9b\'f3\'77\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2015 - 2022 \f1\'88\'cc\'d0\'d0\'eb\'41\'b6\'ce\f0 \par..\b0\f1\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'ca\'c7\'d9\'46\'d3\'c3\'91\'f4\'c5\'63\f0 Microsoft Corporation (\f1\'bb\'f2\'c6\'e4\'ea\'50\'82\'53\'c6\'f3\'98\'49\'a3\'ac\'d2\'95\'d9\'46\'d3\'c3\'91\'f4\'cb\'f9\'be\'d3\'d7\'a1\'b5\'c4\'b5\'d8\'fc\'63\'b6\'f8\'b6\'a8\f0 ) \f1\'d6\'ae\'e9\'67\'b3\'c9\'c1\'a2\'b5\'c4\'ba\'cf\'bc\'73\'a1\'a3\'cb\'fc\'82\'83\'df\'6d\'d3\'c3\'ec\'b6\'c9\'cf\'ca\'f6\'dc\'9b\'f3\'77\'a1\'a3\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'d2\'e0\'df\'6d\'d3\'c3\'ec\'b6\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'84\'d5\
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2980
                                                                                                  Entropy (8bit):6.163758160900388
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOtMes9T/JhDXsA9EHSniarRFeOrw8N3mZNNTN2N08CEjMUWFPmDlTKJKy2:uDiTlFrDDsA9tfHP8+8nhM0WamzqDFqD
                                                                                                  MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
                                                                                                  SHA1:974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
                                                                                                  SHA-256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
                                                                                                  SHA-512:676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13234
                                                                                                  Entropy (8bit):5.125368352290407
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:T7wfl7OGpX5a5HEgQ2psch5jotXxEvH++3kamdyjCrDZugDHgbGNl86NhrYGY9D2:Yfl7O5ocINaHmjI44fUixAvOwwrJ2
                                                                                                  MD5:E7DC9CA9474A13FA4529D91BCD2AB8CC
                                                                                                  SHA1:511F5DE8A99C09EC3766C5E2494A79EACCA261C8
                                                                                                  SHA-256:503C433DCDE2F3A9E7D388A5FF2B0612E7D8F90F5188D5B2B60228DB33044FDE
                                                                                                  SHA-512:77108E53CD58E42F847D8EF23A07723C4849DC41DBE1C3EF939B9170E75F525BEC9D210D6C1FBFEB330ECE2E77B8A8E2808730D9E6F72F5B3FE626D58B6068C6
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 LICEN\f1\'c8N\f0\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\f1\'c8NOSTI MICROSOFT\par..\f0 MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Tyto licen\f1\'e8n\f0\'ed podm\'ednky p\f1\'f8edstavuj\f0\'ed smlouvu mezi spole\f1\'e8nost\f0\'ed Microsoft Corporation (nebo n\f1\'eckterou z jej\f0\'edch afilac\'ed, v\~z\'e1vislosti na tom, kde bydl\'edte) a v\'e1mi. Vztahuj\'ed se na v\'fd\f1\'9ae uveden\f0\'fd software. Podm\'ednky se rovn\f1\'ec\'9e vztahuj\f0\'ed na jak\'e9koli slu\f1\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\f0\'ed odli\f1\'9an\f0\'e9 podm\'ednky.\par..\b DODR\f1\'8e\f0\'cdTE-LI
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3333
                                                                                                  Entropy (8bit):5.370651462060085
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOtesM6H2hDdxHOjZxsaIIy3Iy5sDMN3mkNFN7NwcfiPc3hKPnWZLF0hKqZ:uDiTlVxxHOy/9xXfpZJYnL8xK2S
                                                                                                  MD5:16343005D29EC431891B02F048C7F581
                                                                                                  SHA1:85A14C40C482D9351271F6119D272D19407C3CE9
                                                                                                  SHA-256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
                                                                                                  SHA-512:FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive | /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12392
                                                                                                  Entropy (8bit):5.192979871787938
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:N6AY7JCc/2WVJtntrUqMmvuUh+mxYpnY4+ZqDe6mUZaEzYNvQ8yOejISRC4WL32:PUw2lSSssWVzOHyOejIS/22
                                                                                                  MD5:2DDCA2866D76C850F68ACDFDB696D6DE
                                                                                                  SHA1:C5076F10B0F0654CDE2C990DEEB2772F3CC4844B
                                                                                                  SHA-256:28F63BAD9C2960395106011761993049546607F8A850D344D6A54042176BF03F
                                                                                                  SHA-512:E3A3693B92873E0B42007616FF6916304EDC5C4F2EEE3E9276F87E86DD94C2BF6E1CF4E895CDF9A1AA0CAC0B381B8840EEE1F491123E901DEE75638B8BC5CE1B
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil Tahoma;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT-SOFTWARE-LIZENZBEDINGUNGEN\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Diese Lizenzbestimmungen stellen eine Vereinbarung zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem ihrer Affiliate-Partner) dar. Sie gelten f\'fcr die oben angef\'fchrte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\b WENN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, VERF\'dcGEN SIE \'dcBER DIE NACHFOLGEND AUFGEF\'dcHRTEN RECHTE.\par....\pard{\pntext\f3\'B7\tab}{\*\pn\pnlvlblt\pnf3\pnindent360{\pntxtb\'B7}}\
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3379
                                                                                                  Entropy (8bit):5.094097800535488
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOZuesXJhDEVTORNxSMoZN3mteNSiNGNsZuiAXEqicMwhPXbhu9KwKlK8Kq:uDiTl3N7xSbu0N8+AhSNnm
                                                                                                  MD5:561F3F32DB2453647D1992D4D932E872
                                                                                                  SHA1:109548642FB7C5CC0159BEDDBCF7752B12B264C0
                                                                                                  SHA-256:8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
                                                                                                  SHA-512:CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12349
                                                                                                  Entropy (8bit):5.108676965693909
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:7Jja9NaNbUmVao9L5EOMjWghxjUSeuDSej2:dj84gmVz9EDjW8GSZC
                                                                                                  MD5:A6E352E5804313CCDE3E4D5DDDDE122D
                                                                                                  SHA1:834E3AAA07DC675589A9E5FCD23CE5586C2739E8
                                                                                                  SHA-256:5C13A65870D770D1642A4259EECB436257CA39016A0500F747BE9C79BE0C7009
                                                                                                  SHA-512:6578AC6467F61930BC1B20E404441725C63790C65AEC1ACE297429EAD15F50E68D5FE9CC1451AC86AE23DC1A7FE967650166293010D687785FB81FB4492B87C4
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\fbidis\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil\fcharset177 Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\ltrpar\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Les pr\'e9sentes conditions de licence constituent un contrat entre Microsoft Corporation (ou en fonction de votre lieu de r\'e9sidence, l\f1\rquote\f0 un de ses affili\'e9s) et vous. Ils s\f1\rquote\f0 appliquent au logiciel vis\'e9 ci-dessus. Les termes s\f1\rquote\f0 appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\f1\rquote\f0 autres termes n\f1\rquote\f0 accompagnent ces \'e9l\'e9ments.\par..\b SI VOUS VOUS CONFORMEZ AUX PR\'c9SENTS TERMES DU CONTRAT D
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3366
                                                                                                  Entropy (8bit):5.0912204406356905
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlO1BesgKLhD1K8cocDSN3m4NlN2ZfNmXL8ePZFcZkLPqUf9fQKRLKeKqZfj:uDiTlABzH1/qt4qgcXY
                                                                                                  MD5:7B46AE8698459830A0F9116BC27DE7DF
                                                                                                  SHA1:D9BB14D483B88996A591392AE03E245CAE19C6C3
                                                                                                  SHA-256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
                                                                                                  SHA-512:FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive | /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):11440
                                                                                                  Entropy (8bit):5.037988271709582
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:HJdZDQX6UXR2+5AkgS/PhdzerS8QGowHV66zdgkycjGCDLQ+n3YJ258FSiej4LaW:7azAUd+RrR5jjPLQY3YJTSjk42
                                                                                                  MD5:BC58AD6ABB16B982AEBADC121B37E706
                                                                                                  SHA1:25E3E4127A643DB5DB2A0B62B02DE871359FAE42
                                                                                                  SHA-256:70ECF23C03B66A2B18E173332586AFA8F00F91E02A80628F4F9CB2521E27F6AC
                                                                                                  SHA-512:8340452CB5E196CB1D5DA6DBB3FA8872E519D7903A05331055370B4850D912674F0B6AF3D6E4F94248FE8135EB378EB36969821D711FE1624A04AF13BBE55D70
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 CONDIZIONI DI LICENZA SOFTWARE MICROSOFT\par..RUNTIME MICROSOFT VISUAL C++ 2015 - 2022 \par..\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario. Tali condizioni si applicano al software Microsoft di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, tranne se accompagnato da condizioni differenti.\par..\b QUALORA IL LICENZIATARIO SI ATTENGA ALLE PRESENTI CONDIZIONI DI LICENZA, DISPORR\'c0 DEI DIRITTI INDICATI DI SEGUITO.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3319
                                                                                                  Entropy (8bit):5.019774955491369
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlO1eesy+hD9BOtBFv5Vo8BbQhMNDJN3msNlNohNNz+wcPclM+PAoYKp+K/u:uDiTlfQvo8WutJ/s9FHNOJp
                                                                                                  MD5:D90BC60FA15299925986A52861B8E5D5
                                                                                                  SHA1:FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
                                                                                                  SHA-256:0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
                                                                                                  SHA-512:11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive | /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):30228
                                                                                                  Entropy (8bit):3.785116198512527
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:I6ZzmL3hCm2AivEiTsk3H1DjM3Lm4nVsO4Uy9C0QueLJkEBN7VvfNSqkO+0TU7B9:VArCQx/2LLW7//72
                                                                                                  MD5:47C315C54B6F2078875119FA7A718499
                                                                                                  SHA1:F650DDB5DF2AF2EE7555C410D034B37B9DFD055B
                                                                                                  SHA-256:C3061A334BFD5F02B7085F8F454D5D3D97D477AF14BAB497BF31A7887BC90C5B
                                                                                                  SHA-512:A0E4B0FCCCFDD93BAF133C2080403E8719E4A6984237F751BD883C0D3C52D818EFD00F8BA7726A2F645F66286305599403470F14D39EEDC526DDE59228A5F261
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3959
                                                                                                  Entropy (8bit):5.955167044943003
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:uDiTlDuB1n+RNmvFo6bnpojeTPk0R/vueX5OA17IHdGWz:5uB1+gD1DU4EdGE
                                                                                                  MD5:DC81ED54FD28FC6DB6F139C8DA1BDED6
                                                                                                  SHA1:9C719C32844F78AAE523ADB8EE42A54D019C2B05
                                                                                                  SHA-256:6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
                                                                                                  SHA-512:FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ............ ......... .........................
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):28393
                                                                                                  Entropy (8bit):3.874126830110936
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:CuQibAmua4XatV1pMxlD1xzjxsZmfmzw4ezN7RQjyeqCBS96My7yNRylDSFrQv90:n4atZClDFsZuheqooMerJlQq/
                                                                                                  MD5:641D926354F001034CF3F2F3B0FF33DC
                                                                                                  SHA1:5505107FFF6CF279769A82510276F61EA18637AE
                                                                                                  SHA-256:3D4E9C165CBEAB829D608106F0E96450F839FFA8ADBD755F0B51867E89DA2AE0
                                                                                                  SHA-512:B0339664434B096ABC26D600F7657919EF3689B4E0FDFD4EDD8E479859A51EF51BE8F05FA43E25567FFD6C1C2BCC6EF0D7A857B6D666D264C7783BAD3A383D0E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3249
                                                                                                  Entropy (8bit):5.985100495461761
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlO4TesKOwhDNJCkt1NhEN3m/NFNkbKNdExpVgUnqx6IPaRc0KoUK9TKz0KR:uDiTlUJJCsgqf6YVoz4uU5vI54U5TY
                                                                                                  MD5:B3399648C2F30930487F20B50378CEC1
                                                                                                  SHA1:CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
                                                                                                  SHA-256:AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
                                                                                                  SHA-512:C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive | /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13352
                                                                                                  Entropy (8bit):5.359561719031494
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:Pd0SEvKJ7P9yEw1VAOV/sHm/Iznc2wf6w2:8Jf/sHmAzcaX
                                                                                                  MD5:F140FD8CA2C63A861D04310257C1B1DB
                                                                                                  SHA1:7BF7EF763A1F80ECACA692908F8F0790A88C3CA1
                                                                                                  SHA-256:6F94A99072061012C5626A6DD069809EC841D6E3102B48394D522A0C2E3AA2B5
                                                                                                  SHA-512:A0BD65AF13CC11E41E5021DF0399E5D21B340EF6C9BBE9B1B56A1766F609CEB031F550A7A0439264B10D67A76A6403E41ABA49B3C9E347CAEDFE9AF0C5BE1EE6
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 POSTANOWIENIA LICENCYJNE DOTYCZ\f1\'a5CE OPROGRAMOWANIA MICROSOFT\par..\f0 MICROSOFT VISUAL C++ \f1\'8cRODOWISKO URUCHOMIENIOWE 2015-2022 \par..\b0\f0 Niniejsze postanowienia licencyjne stanowi\f1\'b9 umow\'ea mi\'eadzy Microsoft Corporation (lub, w zale\'bfno\'9cci od miejsca zamieszkania Licencjobiorcy, jednym z podmiot\f0\'f3w stowarzyszonych Microsoft Corporation) a Licencjobiorc\f1\'b9. Postanowienia te dotycz\'b9 oprogramowania okre\'9clonego powy\'bfej. Niniejsze postanowienia maj\'b9 r\f0\'f3wnie\f1\'bf zastosowanie do wszelkich us\'b3ug i aktualizacji Microsoft dla niniejszego oprogramowania, z wyj\'b9tkiem tych, kt\f0\'f3rym tow
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3212
                                                                                                  Entropy (8bit):5.268378763359481
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOPesar4hDo7zGriQjDCN3mDNN0NrsNGl3vxkIP2hUdKLK0KbK4n6W0sfNM:uDiTlusPGriQw8n2rOij4JsU
                                                                                                  MD5:15172EAF5C2C2E2B008DE04A250A62A1
                                                                                                  SHA1:ED60F870C473EE87DF39D1584880D964796E6888
                                                                                                  SHA-256:440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
                                                                                                  SHA-512:48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalator [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Instalator . Pomoc</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [katalog] - Instaluje, naprawia, odinstalowuje.. lub tworzy pe.n. lokaln. kopi. pakietu w katalogu. Domy.lnie jest u.ywany prze..cznik install...../passive | /quiet - Wy.wietla ograniczony interfejs u.ytkownika bez monit.w albo nie wy.wietla ani interfejsu u.ytkownika,.. ani monit.w. Domy.lnie jest wy.wietlany interfejs u.ytkownika oraz wszystkie monity...../norestart - Pom
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10956
                                                                                                  Entropy (8bit):5.086757849952268
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:H2JR4ufWXXFA+YGRjHquAHHoKWCsGlHIpSDDvJRkYhaDznP3l7wLXiBpt32:WJ6ufB+Yc3AnoZCb5AGPQPCLQ72
                                                                                                  MD5:9A8D2ACF07F3C01E5CBC461AB932D85B
                                                                                                  SHA1:8781A298DCC14C18C6F6DB58B64F50B2FC6E338E
                                                                                                  SHA-256:27891EEC899BE859E3B4D3B29247FC6B535D7E836DEF0329111C48741EC6E701
                                                                                                  SHA-512:A60262A0C18E3BEF7C6D52F242153EBE891F676ED639F2DACFEBBAC86E70EEBF58AA95A7FE1A16E15A553C1BD3ECACCD8677EB9D2761CB79CB9A342C9B4252E2
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMOS DE LICEN\'c7A PARA SOFTWARE MICROSOFT\par..TEMPO DE EXECU\'c7\'c3O DO MICROSOFT VISUAL C++ 2015 - 2022 \par..\b0 Os presentes termos de licen\'e7a constituem um contrato firmado entre a Microsoft Corporation (ou, dependendo do local no qual voc\'ea esteja domiciliado, uma de suas afiliadas) e voc\'ea. Eles se aplicam ao software indicado acima. Os termos tamb\'e9m se aplicam a quaisquer servi\'e7os ou atualiza\'e7\'f5es da Microsoft para o software, exceto at\'e9 a extens\'e3o de que eles tenham termos diferentes.\par..\b SE VOC\'ca CONCORDAR COM ESTES TERMOS DE LICEN\'c7A, TER\'c1 OS DIREITOS INDICADOS ABAIXO.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pn
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3095
                                                                                                  Entropy (8bit):5.150868216959352
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlO5es/4ThDzmU6lDj4N3mBl0N+NWNP4hHCc9skPDXeKKeK9KfKt4eJ2RQdg:uDiTlJhJGl2UsZMLe6
                                                                                                  MD5:BE27B98E086D2B8068B16DBF43E18D50
                                                                                                  SHA1:6FAF34A36C8D9DE55650D0466563852552927603
                                                                                                  SHA-256:F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
                                                                                                  SHA-512:3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [diret.rio - instala, repara, desinstala ou.. cria uma c.pia local completa do pacote no diret.rio. Install . o padr.o..../passive | /quiet - exibe a IU m.nima sem nenhum prompt ou n.o exibe nenhuma IU e.. nenhum prompt. Por padr.o, a IU e todos os prompts s.o exibidos...../norestart - suprime qualquer tentativa de reiniciar. Por padr.o, a IU perguntar. antes de reiniciar
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):31981
                                                                                                  Entropy (8bit):3.6408688850128446
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:GdkM1I1EqW6aAHmxiTJrN6feZ78C7e5zoPqp007FsrmPx/1JRbnS0Yk4SYdIDtx2:Su4Mtg1S0YkjYWZM
                                                                                                  MD5:62229BE4447C349DF353C5D56372D64B
                                                                                                  SHA1:989799ED24913A0E6AE2546EE2A9A8D556E1CB3B
                                                                                                  SHA-256:1BB3FB55B8A13FA3BAFFFE72F5B1ED8B57A63BD4D8654BB6DC5B9011CE803B44
                                                                                                  SHA-512:FA366328C3FD4F683FDB1C5A64F5D554DE79620331086E8B4CCC2BFC2595B1FDED02CEC8AA982FCD8B13CC175D222AF2D7E2CD1A33B52F36AFD692B533FDBF13
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4150
                                                                                                  Entropy (8bit):5.444436038992627
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlDhQt9esbrohDTWJt49kAr7DHN3m5GNDCNvNLIkflhrWncPingGdZwK1Kqp:uDiTlDYVgmt4xJ88k193ipzjvL
                                                                                                  MD5:17C652452E5EE930A7F1E5E312C17324
                                                                                                  SHA1:59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
                                                                                                  SHA-256:7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
                                                                                                  SHA-512:53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.... <String Id="Caption">......... ......... [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [.......] - ........., .............., ........ ..... ........ ...... ......... ..... ...... . ......... .. ......... - ............../passive | /quiet - ........... ....
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13807
                                                                                                  Entropy (8bit):5.2077828423114045
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:mfGSPTe1VWjPqkdUxtptACpt4jSzUQBtB7+fzCCnebZ/42W2TEAQjE4oOwuxqrEs:7SK+W6UbACp2SzD9+btebZwZWEdpow2
                                                                                                  MD5:9625F3A496DBF5E3E0D2F33D417EDBBF
                                                                                                  SHA1:119376730428812A31B70D58C873866D5307A775
                                                                                                  SHA-256:F80926604E503697247353F56856B31DE0B3FC1319F1C94068363952549CC9B1
                                                                                                  SHA-512:DB91A14FC27E3A62324E024DD44E3B5548AF7E1C021201C3D851BD2F32537885AACFC64ADAE619BAC31B60229D1D5FC653F5301CD7187C69BD0ACECCE817D6A3
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset238 Garamond;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT YAZILIMI L\f1\u304?SANS KO\'aaULLARI\par..\f0 MICROSOFT VISUAL C++ 2015 - 2022 \'c7ALI\f1\'aaMA S\f0\'dcRESI \par..\b0 Bu lisans ko\f1\'baullar\u305?, Microsoft Corporation (veya ya\'baad\u305?\u287?\u305?n\u305?z yere g\f0\'f6re bir ba\f1\u287?l\u305? \'bairketi) ile sizin aran\u305?zda yap\u305?lan s\f0\'f6zle\f1\'bameyi olu\'baturur. Bu ko\'baullar, yukar\u305?da ad\u305? ge\f0\'e7en yaz\f1\u305?l\u305?m i\f0\'e7in ge\'e7erlidir. \f1\'aaartlar, yaz\u305?l\u305?m i\f0\'e7in t\'fcm Microsoft hizmetleri veya g\'fcncelle\f1\'batirmeleri i\f0\'e7in, beraberlerinde farkl\f1\u305? \'baartlar bulunmad\u305?\u287?\u305? s\f0\'fcrece ge\'e7erlidir.\pa
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3221
                                                                                                  Entropy (8bit):5.280530692056262
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOaesHEqhDTHV4zVy6oBzdp0DYK2GP2ZmN3majyNXNoNKQXVvChcPc+WKb0:uDiTl3PHcIflKNTPgdi12xgg
                                                                                                  MD5:DEFBEA001DC4EB66553630AC7CE47CCA
                                                                                                  SHA1:90CED64EC7C861F03484B5D5616FDBCDA8F64788
                                                                                                  SHA-256:E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
                                                                                                  SHA-512:B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [dizin] - y.kler, onar.r, kald.r.r ya da.. dizindeki paketin tam bir yerel kopyas.n. olu.turur. Varsay.lan install de.eridir...../passive | /quiet - en az d.zeyde istemsiz UI g.sterir ya da hi. UI g.stermez ve.. istem yoktur. Varsay.lan olarak UI ve t.m istemler g.r.nt.lenir...../norestart - yeniden ba.lama denemelerini engeller. Varsay.lan olarak UI yeniden ba.l
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):18214
                                                                                                  Entropy (8bit):3.9837154113926356
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:Hom4PyAjs/HBJ5qyK3PG4lk5xxKyAW1yW7/Y3OKchGMvGMLdo4+uHq9f4yPxrdCX:IDM1OR5rGU2
                                                                                                  MD5:D083C7E300928A0C5AEA5ECBD1653836
                                                                                                  SHA1:08F4F1F9F7DFA593BE3977515635967CE7A99E7A
                                                                                                  SHA-256:A808B4933CE3B3E0893504DBEF43EBF90B8B567F94BD6481B6315ED9141E1B11
                                                                                                  SHA-512:8CB3FFAD879BABA36137B7A21B62D9D6C530693F5E16FBB975F3E7C20F1DB5A686F3A6EE406D69B018AA494E4CD185F71B369A378AE3289B8080105157E63FD0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2978
                                                                                                  Entropy (8bit):6.135205733555905
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlOtKesi+hDtkQf7lz+W0gopN3m5+3cNONeN1ra8vWqPtlTKxKUTKlKXRoR+:uDiTlV5kQR9GLeE0ZxV6gIV
                                                                                                  MD5:3D1E15DEEACE801322E222969A574F17
                                                                                                  SHA1:58074C83775E1A884FED6679ACF9AC78ABB8A169
                                                                                                  SHA-256:2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
                                                                                                  SHA-512:10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [..] - .......... ..................Install ........../passive | /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10825
                                                                                                  Entropy (8bit):5.1113252296046126
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:HalhwTwQ4yzePBrarlvTteQH3bf9WaoXUBXZRaS9YARl0hcXNVD32:6lc4krlU2ymLN12
                                                                                                  MD5:873A413D23F830D3E87DAB3B94153E08
                                                                                                  SHA1:24CFC24F22CEF89818718A86F55F27606EB42668
                                                                                                  SHA-256:ABC11BB2B04DFF6AFE2D4D4F40D95A7D62E5AF352928AF90DAA3DADE58DD59BD
                                                                                                  SHA-512:DC1ECCB5CC4D3047401E2BC31F5EB3E21C7881C02744A2E63C10D3C911D1158DCFAC023988E873C33DC381C989304FE1D3CB27ED99D7801285C4C378553CD821
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 T\'c9RMINOS DE LICENCIA DEL SOFTWARE DE MICROSOFT\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 Los t\'e9rminos de esta licencia son un contrato entre Microsoft Corporation (o, en funci\'f3n de donde viva, una de las sociedades del grupo) y usted. Se aplican al software mencionado anteriormente. Los t\'e9rminos tambi\'e9n se aplican a los servicios o actualizaciones de software de Microsoft, excepto en la medida en que sus t\'e9rminos sean diferentes.\par..\b SI USTED CUMPLE LOS PRESENTES T\'c9RMINOS DE ESTA LICENCIA, DISPONDR\'c1 DE LOS DERECHOS QUE A CONTINUACI\'d3N SE DESCRIBEN.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb1
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3265
                                                                                                  Entropy (8bit):5.0491645049584655
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTlO/esS6VGhDv4tiUiyRUqzC4U+aD6N3m7xNh1NWNGbPz+9o3PWeKK9K9KfT:uDiTlxouUTiySqyIwz9sgxqvjIk8
                                                                                                  MD5:47F9F8D342C9C22D0C9636BC7362FA8F
                                                                                                  SHA1:3922D1589E284CE76AB39800E2B064F71123C1C5
                                                                                                  SHA-256:9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
                                                                                                  SHA-512:E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive | /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (558), with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12906
                                                                                                  Entropy (8bit):3.7237107259370177
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:X0svF+PnH5zHqQHG0Hd8Hz7HE06HA0rH3FpFNxLon5zLa0LKJn/Bx7z8NkzzkvQf:X0sM/dLbmnoNNUd129potVoT
                                                                                                  MD5:055DD6CC2667D43E89368B6672E378C9
                                                                                                  SHA1:E4278D0440C2069F11735EE0AEECD9B576CB010C
                                                                                                  SHA-256:88EFFBF5C9EEB280C03FC8E39FDD685F91F0B95842F36FDE55DB5B759C35D68D
                                                                                                  SHA-512:1084EAC05F0931A7C6CA95A9AF44DE7E591DF17367AB58871B80D9C52E7208596B27F203C30EAF42DDD1913B4DC927B969CBE798CA4BA46D383A3DC427C7EB01
                                                                                                  Malicious:false
                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T. .&.g.t.;.=. .v.6...1.". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.N.a.m.e.]. .c.a.n. .o.n.l.y. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .W.i.n.d.o.w.s. .7. .a.n.d. .n.e.w.e.r. .p.l.a.t.f.o.r.m.s...". ./.>..... . .<.W.i.x.B.u.n.d.l.e.P.r.o.p.e.r.t.i.e.s. .D.i.s.p.l.a.y.N.a.m.e.=.".M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5.-.2.0.2.2. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.8.6.). .-. .1.4...3.8...3.3.1.3.5.". .L.o.g.P.a.t.h.V.a.r.i.a.b.l.e.=.".W.i.x.B.u.n.d.l.e.L.o.g.". .C.o.m.p.r.e.s.s.e.d.=.".y.e.s.". .I.d.=.".{.4.6.c.3.b.1.7.1.-.c.1.5.c.-.4.1.3.7.-.8.e.1.d.-.6.7.e.e.b.2.9.8.5.b.4.4.}.". .U.p.g.r.a.d.e.C.o.d.e.=.".{.F.8.9.9.B.
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9235
                                                                                                  Entropy (8bit):5.167332119309966
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:H8kZ1UVDWkiWZTIsp/4hghFF1Qf4lCfnEtHixEGx736wHqItfSpOtJ32:cM1RWZMi/zzlOnjt5HLoa2
                                                                                                  MD5:04B33F0A9081C10E85D0E495A1294F83
                                                                                                  SHA1:1EFE2FB2D014A731B752672745F9FFECDD716412
                                                                                                  SHA-256:8099DC3CF9502C335DA829E5C755948A12E3E6DE490EB492A99DEB673D883D8B
                                                                                                  SHA-512:D1DBED00DF921169DD61501E2A3E95E6D7807348B188BE9DD8FC63423501E4D848ECE19AC466C3CACFCCC6084E0EB2F457DC957990F6F511DF10FD426E432685
                                                                                                  Malicious:false
                                                                                                  Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT SOFTWARE LICENSE TERMS\par..MICROSOFT VISUAL C++ 2015 - 2022 RUNTIME \par..\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 INSTALLATION AND USE RIGHTS. \b0\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\f
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1861
                                                                                                  Entropy (8bit):6.868587546770907
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:q36cnTKM/3kTIQiBmYKHeQWalGt1Sj9kYIt1uZ+bYOQe0IChR95aW:qqiTKMPuUBm7eQJGtYJM1uZCVszaW
                                                                                                  MD5:D6BD210F227442B3362493D046CEA233
                                                                                                  SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
                                                                                                  SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
                                                                                                  SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2952
                                                                                                  Entropy (8bit):5.052095286906672
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:c5DiTl/+desK19hDUNKwsqq8+JIDxN3mt7NlN1NVvAdMcgLPDHVXK8KTKjKnSnYF:uDiTl/BbTxmup/vrxATd
                                                                                                  MD5:FBFCBC4DACC566A3C426F43CE10907B6
                                                                                                  SHA1:63C45F9A771161740E100FAF710F30EED017D723
                                                                                                  SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
                                                                                                  SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8332
                                                                                                  Entropy (8bit):5.184632608060528
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:8L2HdQG+3VzHfz96zYFGaPSWXdhRAmImlqFQKFBiUxn7Ke5A82rkO/pWk3nswP:ZHAzZ/3
                                                                                                  MD5:F62729C6D2540015E072514226C121C7
                                                                                                  SHA1:C1E189D693F41AC2EAFCC363F7890FC0FEA6979C
                                                                                                  SHA-256:F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
                                                                                                  SHA-512:CBBFBFA7E013A2B85B78D71D32FDF65323534816978E7544CA6CEA5286A0F6E8E7E5FFC4C538200211F11B94373D5658732D5D8AA1D01F9CCFDBF20F154F1471
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):195600
                                                                                                  Entropy (8bit):6.682530937585544
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:OXoiFK6b0k77I+QfaIl191rSJHvlalB+8BHkY6v53EfcUzN0m6I+WxBlnKzeZuqt:OXoQNb++gDrSJdr8BHkPh3wIgnK/IU1a
                                                                                                  MD5:EAB9CAF4277829ABDF6223EC1EFA0EDD
                                                                                                  SHA1:74862ECF349A9BEDD32699F2A7A4E00B4727543D
                                                                                                  SHA-256:A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
                                                                                                  SHA-512:45B15ADE68E0A90EA7300AEB6DCA9BC9E347A63DBA5CE72A635957564D1BDF0B1584A5E34191916498850FC7B3B7ECFBCBFCB246B39DBF59D47F66BC825C6FD2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):650080
                                                                                                  Entropy (8bit):7.2212720110363735
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:fnMwHskY7gjcjhVIEhqgM7bWvcsi6aVl/IyiJGvJtg2t/JgM:vMysZgjS1hqgSC/iz1fiJGvJtxhJ
                                                                                                  MD5:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                  SHA1:41EDD6321965D48E11ECDED3852EB32E3C13848D
                                                                                                  SHA-256:D4C6F5C74BBB45C4F33D9CB7DDCE47226EA0A5AB90B8FF3F420B63A55C3F6DD2
                                                                                                  SHA-512:D85AC030EBB3BA4412E69B5693406FE87E46696CA2A926EF75B6F6438E16B0C7ED1342363098530CDCEB4DB8E50614F33F972F7995E4222313FCEF036887D0F0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Microsoft Cabinet archive data, many, 824123 bytes, 11 files, at 0x44 +A "concrt140.dll_x86" +A "msvcp140.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 62 datablocks, 0x1 compression
                                                                                                  Category:dropped
                                                                                                  Size (bytes):834339
                                                                                                  Entropy (8bit):7.997653805266825
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:12288:iESvOn+e4BpcHLO0eHku5ai12A7RLnAFmDAmKyVUnkrj7N0XlFKsN9XD904s1:bSje4rH0K+i15kEDfKlns7NUl8Wrs1
                                                                                                  MD5:A57EFC0AFFFDF914CBC76BB882CAD37E
                                                                                                  SHA1:732DBEF27C49C27D9F1C00EBA177EABC21650FB8
                                                                                                  SHA-256:C384DA7CC6EAD2CE054A67FDED26D7E4CFF2F981A83C64DE62E53864665E5F45
                                                                                                  SHA-512:AD2CFC0FD199FE2726FD18C0A5972185E8331FE49807CA6340212901DD61D30853E2C72015EE9BAC0425E287EF488190A245676173194FAFBF8F6FC7FBF9BABA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Microsoft Cabinet archive data, many, 5167260 bytes, 14 files, at 0x44 +A "mfc140.dll_x86" +A "mfc140chs.dll_x86", flags 0x4, number 1, extra bytes 20 in head, 323 datablocks, 0x1 compression
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5177492
                                                                                                  Entropy (8bit):7.997816222199811
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:98304:310T9qeMt7UU5qai1jrZLsAoSIA+PTwQKrzd04mAp1dDbXN+52qKfYPh:F2LsUmC9t5IMQKrzCXy3XA5JKE
                                                                                                  MD5:4A17E4DA145FA1EA92A52266221AD628
                                                                                                  SHA1:F6304DE9D73609F6B9717D6A4D44EFD7AB7FFE9E
                                                                                                  SHA-256:9544ABBD46B39BEC491CF63076FB109306E519F303DF9CD583A28956172BF038
                                                                                                  SHA-512:DE9A6A1391070A9470F78208FF74120CFFD2A1E2580AF4ADD87914BA6DD27E07B092E66CAA847726E05EB5FAE0C1252681DE37F34B560D4D95F3B76F3599E16C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Additional Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {29E9ACD5-6C1B-48C9-A316-358656F83B42}, Create Time/Date: Fri Jan 19 22:58:04 2024, Last Saved Time/Date: Fri Jan 19 22:58:04 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                  Category:dropped
                                                                                                  Size (bytes):184320
                                                                                                  Entropy (8bit):6.383378429526644
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:fviOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJd2:fvipBaTDo1j//SZh
                                                                                                  MD5:A37983D3FCA236D6AE2D22AB0FA9F1D4
                                                                                                  SHA1:82F77032813AEDDF321D681DA4E1AA50786258DD
                                                                                                  SHA-256:A7F13351CE5B41FCF6C2ED95F223F5E2AAB5411BF8499A772F69AD8FFB87F96B
                                                                                                  SHA-512:619467E6D4AA6BC8F1CC02DAF52330E28C313D774A1D0B0BB96D40A2ED2DC3697CEE738463FAED040E1BCA407C3471AE1BC8DD91472682B25C579CAACDBF7374
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2022 X86 Minimum Runtime, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135., Template: Intel;1033, Revision Number: {83CEF352-ED74-4B1D-B0E7-96CDF4DA1C2D}, Create Time/Date: Fri Jan 19 22:52:32 2024, Last Saved Time/Date: Fri Jan 19 22:52:32 2024, Number of Pages: 301, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.10.4.4718), Security: 2
                                                                                                  Category:dropped
                                                                                                  Size (bytes):184320
                                                                                                  Entropy (8bit):6.37750026266588
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:S9viOApBgbxkK3zoGCK4Kr1kNM+BxWy2bDZRJdz8vO:EvipBaTDo1j//SZhKO
                                                                                                  MD5:3CA6B74AEFE34587F479055F5915E136
                                                                                                  SHA1:61771E0A8CCABAC8783A22F67ADCBCE612F11704
                                                                                                  SHA-256:A6F3A8E4E2162D8DF176418E9A238BECB645B2DB31D8073BFC4F4CDB7FB1AA22
                                                                                                  SHA-512:3949CB3FDAD3E8D5E9C649141A72783E0B403D3E835433D4D456654BCDAD1290258F6D023CE127740F9C82459D337B9F8731C799EFCF99775955D38CF3FEF750
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):0.10342421288411675
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:xPLG7iVCnLG7iVrKOzPLHKOggu6zenSJzM9TEkEjekAYlIVky6l80t/:50i8n0itFzDHFonStt7AYp801
                                                                                                  MD5:AC1E65CEBD254CE1869F3A2EE4A96806
                                                                                                  SHA1:C3F1FDEAB639D744A0F5DF02391ECA507548D98F
                                                                                                  SHA-256:81F96E1A5954840850864FC0C676B2B82C96E85DDDA7D57E770863B54DA97190
                                                                                                  SHA-512:2A7CD51AA2E1376E9CDC7211A902FFA4833391AE75B86CBAA40EF217A6609389519B0851637D8C7F752F9714F245CE94874E860B169933ED8BBD0790761B1E70
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):1.2275287767376364
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:6eRu5u4vFXiAT5xhdex6RLBL7nSmRSsEIQSIV4Zwcl:9RGVTXLexaLBL7nVR8vJ4Zwcl
                                                                                                  MD5:9D8C203C9833FD714EA67795DF380D93
                                                                                                  SHA1:926A164BE4602FD03BC7768E0BAB3E7BAE6E35D4
                                                                                                  SHA-256:F506E09297A9FDA7F33FB702AAD9910E6BCA29B89036511E02FC4458ABEE03F2
                                                                                                  SHA-512:97EC57DB17F72C24D2ED9DB498BECCBD9E96517F31F3CD802F28F21E7B3D20C9431CDD62DC13AF60557893790CDF6FBB48B8C73F0154DB62C36404C454A721AB
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):69632
                                                                                                  Entropy (8bit):0.13009903704073486
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:d+0ZwcpyYaazipVvipVsS0W1VmEFNgNlGOih+k+dMClA+OMClmVj1LFGm1LFM:dtZwc8VmS9SmRSsEIi4dex6RLBLq
                                                                                                  MD5:172656D954D98815A324C387ED1248D9
                                                                                                  SHA1:3C5675EF1C6684678D84AC0F83E43E35DA8276D9
                                                                                                  SHA-256:AD35764FE1EDAE6B7776480A16E09691F8A442A7E4061A37F47D644CADAC23E0
                                                                                                  SHA-512:04613F774390D9D251A045D4C59DB595FFF7E837834D9009AC4CCA5A93F59C3BCADF39A9538BFEE3BDCC020E6975619CF28A46DE26091740E9E4597C52F99C89
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):1.5288653146977034
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:o8PhpuRc06WXikwnT5udoh6rNSmRSsEIQSIdZO:3hp1WwnTwohQNVR8vxZO
                                                                                                  MD5:240AB2905A58A66D3F8D9CEF5E1545B5
                                                                                                  SHA1:52DD7728185FA8A00B65970D361678E9E12B2259
                                                                                                  SHA-256:E6C085AF1C91C1B008214C1BA1E35FB80D0E2C700B31FC17269A66680298DC35
                                                                                                  SHA-512:D8F336E87EE6B4340289386FFD9EAD5302C8566D96E2E32BD824075ABFD5EC965C45896FA44702D7F234EDA2E465C73B0C5D5C40C19E48BCFDE56E7A14DF174D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):1.2275287767376364
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:6eRu5u4vFXiAT5xhdex6RLBL7nSmRSsEIQSIV4Zwcl:9RGVTXLexaLBL7nVR8vJ4Zwcl
                                                                                                  MD5:9D8C203C9833FD714EA67795DF380D93
                                                                                                  SHA1:926A164BE4602FD03BC7768E0BAB3E7BAE6E35D4
                                                                                                  SHA-256:F506E09297A9FDA7F33FB702AAD9910E6BCA29B89036511E02FC4458ABEE03F2
                                                                                                  SHA-512:97EC57DB17F72C24D2ED9DB498BECCBD9E96517F31F3CD802F28F21E7B3D20C9431CDD62DC13AF60557893790CDF6FBB48B8C73F0154DB62C36404C454A721AB
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):1.2245438186820576
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:96kRuvu4vFXiQ7T5Odoh6rNSmRSsEIQSIdZO:9nRQt7TgohQNVR8vxZO
                                                                                                  MD5:A8808181C2EAA75936E426FDD46D93D5
                                                                                                  SHA1:EA4682088C660EF7BDE4A5E74A84F2AE224661ED
                                                                                                  SHA-256:C9E5485C056E4FAFCE9AC6CC2FBB6833E2900B7172E2EBBBB21DB2130FD6E214
                                                                                                  SHA-512:C0BF9157FB2A785BAA7F824B7CF2E4289454F7956694EB9360822D6E035FFB0561D0FF86D1446A6F2BCE20E84ED1DB5F2C4AF9950512CADD765C5AB8FABCD783
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):1.2245438186820576
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:96kRuvu4vFXiQ7T5Odoh6rNSmRSsEIQSIdZO:9nRQt7TgohQNVR8vxZO
                                                                                                  MD5:A8808181C2EAA75936E426FDD46D93D5
                                                                                                  SHA1:EA4682088C660EF7BDE4A5E74A84F2AE224661ED
                                                                                                  SHA-256:C9E5485C056E4FAFCE9AC6CC2FBB6833E2900B7172E2EBBBB21DB2130FD6E214
                                                                                                  SHA-512:C0BF9157FB2A785BAA7F824B7CF2E4289454F7956694EB9360822D6E035FFB0561D0FF86D1446A6F2BCE20E84ED1DB5F2C4AF9950512CADD765C5AB8FABCD783
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):1.5288653146977034
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:o8PhpuRc06WXikwnT5udoh6rNSmRSsEIQSIdZO:3hp1WwnTwohQNVR8vxZO
                                                                                                  MD5:240AB2905A58A66D3F8D9CEF5E1545B5
                                                                                                  SHA1:52DD7728185FA8A00B65970D361678E9E12B2259
                                                                                                  SHA-256:E6C085AF1C91C1B008214C1BA1E35FB80D0E2C700B31FC17269A66680298DC35
                                                                                                  SHA-512:D8F336E87EE6B4340289386FFD9EAD5302C8566D96E2E32BD824075ABFD5EC965C45896FA44702D7F234EDA2E465C73B0C5D5C40C19E48BCFDE56E7A14DF174D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):69632
                                                                                                  Entropy (8bit):0.128315497372872
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:FD4KZ4KYsjipVvipVsS0W1VmEFNgNlGOi/+kCdMClGD48MClmVjLm:h9ZFdS9SmRSsEIsEdoh6
                                                                                                  MD5:9B73BE4ACEBE1F34009866772F8036DE
                                                                                                  SHA1:4C7A079D9C82639558C6F81A366C8E81B796D8D8
                                                                                                  SHA-256:9BE01F5DD833E0CE778F83107FA6DEF87792F9BF781248CC5745433DAD972C9D
                                                                                                  SHA-512:FBF202224C093E0C56E82AE71A51AB5C2DA70326BA65E402516BEB8101825244358943E0600D81DBC71368C5A273C696911D04D22596DDE83FD87CB96DFD15C9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):1.2275287767376364
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:6eRu5u4vFXiAT5xhdex6RLBL7nSmRSsEIQSIV4Zwcl:9RGVTXLexaLBL7nVR8vJ4Zwcl
                                                                                                  MD5:9D8C203C9833FD714EA67795DF380D93
                                                                                                  SHA1:926A164BE4602FD03BC7768E0BAB3E7BAE6E35D4
                                                                                                  SHA-256:F506E09297A9FDA7F33FB702AAD9910E6BCA29B89036511E02FC4458ABEE03F2
                                                                                                  SHA-512:97EC57DB17F72C24D2ED9DB498BECCBD9E96517F31F3CD802F28F21E7B3D20C9431CDD62DC13AF60557893790CDF6FBB48B8C73F0154DB62C36404C454A721AB
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):1.2245438186820576
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:96kRuvu4vFXiQ7T5Odoh6rNSmRSsEIQSIdZO:9nRQt7TgohQNVR8vxZO
                                                                                                  MD5:A8808181C2EAA75936E426FDD46D93D5
                                                                                                  SHA1:EA4682088C660EF7BDE4A5E74A84F2AE224661ED
                                                                                                  SHA-256:C9E5485C056E4FAFCE9AC6CC2FBB6833E2900B7172E2EBBBB21DB2130FD6E214
                                                                                                  SHA-512:C0BF9157FB2A785BAA7F824B7CF2E4289454F7956694EB9360822D6E035FFB0561D0FF86D1446A6F2BCE20E84ED1DB5F2C4AF9950512CADD765C5AB8FABCD783
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):1.5327945022903913
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:t8PhpuRc06WXi/nT5Rhdex6RLBL7nSmRSsEIQSIV4Zwcl:Qhp1RnTnLexaLBL7nVR8vJ4Zwcl
                                                                                                  MD5:B8FEE2E98AEBB0E223718942193CDBD1
                                                                                                  SHA1:F486220A8D84E5458BA4FAB24983013D0187C1B9
                                                                                                  SHA-256:00D0BB8788E9C911388EA6EF5588889B4DE707A086FF3420AF69C4004A93F230
                                                                                                  SHA-512:BAF48A1BAD70CD0DCE09447F6805FE81AD0AA895FE27E547FBAF76787C69645E27B717FD2B0202FE4F5694F82F1FD48FCFE88DB633A82F081B1566E4A6B1ABDD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):1.5327945022903913
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:t8PhpuRc06WXi/nT5Rhdex6RLBL7nSmRSsEIQSIV4Zwcl:Qhp1RnTnLexaLBL7nVR8vJ4Zwcl
                                                                                                  MD5:B8FEE2E98AEBB0E223718942193CDBD1
                                                                                                  SHA1:F486220A8D84E5458BA4FAB24983013D0187C1B9
                                                                                                  SHA-256:00D0BB8788E9C911388EA6EF5588889B4DE707A086FF3420AF69C4004A93F230
                                                                                                  SHA-512:BAF48A1BAD70CD0DCE09447F6805FE81AD0AA895FE27E547FBAF76787C69645E27B717FD2B0202FE4F5694F82F1FD48FCFE88DB633A82F081B1566E4A6B1ABDD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):0.10228607613592977
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:xPLG7iVCnLG7iVrKOzPLHKOz/cSSswOF2MqM9RaZdKFtliVky6lJl0t/:50i8n0itFzDHFzld/gMqsaX8tDr01
                                                                                                  MD5:12136771E7AE5475D9727073E913D132
                                                                                                  SHA1:52D2C21EF17DD136BF1B02ECC77E28B9B4885F4D
                                                                                                  SHA-256:D0778B596993353D383111C37114D8D0950ED0A38242594C08D1BDF91F259C67
                                                                                                  SHA-512:B4F4F8F1CC2A6FEEE075EA177DE53D0C1088EF5696EF347CA4B39D7B15D1206BBC7D1E754526F7B1DB99538FC3939068D42D71BC95503EDA9A395FA763BCD8D2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                                                  Category:dropped
                                                                                                  Size (bytes):43
                                                                                                  Entropy (8bit):2.7374910194847146
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:CU9yltxlHh/:m/
                                                                                                  MD5:DF3E567D6F16D040326C7A0EA29A4F41
                                                                                                  SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
                                                                                                  SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
                                                                                                  SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
                                                                                                  Malicious:false
                                                                                                  Preview:GIF89a.............!.......,...........D..;
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):43
                                                                                                  Entropy (8bit):2.7374910194847146
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:CU9yltxlHh/:m/
                                                                                                  MD5:DF3E567D6F16D040326C7A0EA29A4F41
                                                                                                  SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
                                                                                                  SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
                                                                                                  SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
                                                                                                  Malicious:false
                                                                                                  URL:https://mc.yandex.com/metrika/advert.gif
                                                                                                  Preview:GIF89a.............!.......,...........D..;
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 99256, version 1.0
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):65167
                                                                                                  Entropy (8bit):7.9964625623938215
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:1536:CNcl1AuswlMKZyFLN72QRqH1pdOKPZUkKnEf3Q80Sof:CNgywlZyFLFxRqH1aFkt1of
                                                                                                  MD5:7460C02DE613FF28FEAC30843F1DEBBE
                                                                                                  SHA1:16E57B2624111AB4CAE6FDC8DE5685605AB86202
                                                                                                  SHA-256:2C0655E7F6352E787C5D3F42E34704633491342AF5BC8AFBAD291EBE3061C5ED
                                                                                                  SHA-512:E949938E74A3764DD7FD0605B4FE18E8C0B8F069E82E3FA6D58D5050176916DA2DE382A4E5804F4E41FB321E4007FF2C57814DC47DBD1CFE4926658FEAEAABA8
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/Ubuntu-Regular-0c7dfece.woff2
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:ASCII text, with very long lines (23031)
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):26239
                                                                                                  Entropy (8bit):5.457910804415624
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:7mNvc0UCqIxSWlDW0D+bH3zWA3WWj11gqhoy6DBuQm9LUks26Kf4hJ85H3XRXajM:wLSWly0qWgXDEJKNaj9vHqT1MpR//at5
                                                                                                  MD5:81D1E10896350DABE0160F3C2D72F669
                                                                                                  SHA1:F1E1860867ABF94608CDC366A2C6F8C3FF871064
                                                                                                  SHA-256:2CFC42E8B1242677EB8B2784A8A2BB7C0A1E43549C8869DAA3AC091EC0E8C116
                                                                                                  SHA-512:932BBB4FD1EBF70EA12D98587508D511ECD8F33BEDF3F6587DA27B8AA907A56519BBEA759016824C585B8446101C50A952FB01914E2A875E1F0A20D825E31A7A
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/shim-ef4d8a0d.js
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):34494
                                                                                                  Entropy (8bit):4.506600233721794
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:39bQNZj3cvbFgzeKekm54MvTeYyaGaEV33m2ypTWSeWei:tql3bty6MvTelaGNmVBR
                                                                                                  MD5:6EC5465D42C5016CEB77B1156C68FDAA
                                                                                                  SHA1:26990B48F120D808B6200FCE342E4F11C0627B17
                                                                                                  SHA-256:54F345B9A1C91D3206B612E8CFC4512EBADB66E51D9422524AABE3E176BBBF00
                                                                                                  SHA-512:D46FF9B7E855D5B6D72313DC1BD6F8332ED9C71498F4E0DCB3526C06DB3C94E91B609134004E65EBA27852361544481C07B5279D4A05C702ED064AD9E10CA53E
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/favicon.ico
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):350
                                                                                                  Entropy (8bit):6.76690738925168
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPe/6T3AYfvlBuD99bhq50Po71RxywLkVPxJcXSCdSUhwmjX38Vvll7jp:6v/7m/6TlcW50QwpbJcRdhHXMVv/B
                                                                                                  MD5:53BEE57C6F03A66347CF7E5614A00C6A
                                                                                                  SHA1:B20FBF04F244925BD0041E1E445F05C43800C7C1
                                                                                                  SHA-256:BC6C51350976A6CBE7CC8D0D08BD8B4C264070DAD00CB61C0D28355CA28FAE9B
                                                                                                  SHA-512:77023607E4E19E920BF877C7CAB03002D149A8BB1092C525437AE3B70DD8D4774CA9D8A4401A7779AB8307DDC6F9BE2E65720B2A764CDEEA1BE4DB25BE6330DE
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/locales/ru.png
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:ASCII text, with very long lines (1460)
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):4958
                                                                                                  Entropy (8bit):4.82162144678434
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:H0J56060JJIfIbsTTuYncOw+DRHQ0cc7x0nUhABb7BJKdnJZh2pIwInDPZw4zK4s:UJ5ttJJO0sTDcOBDdS7K7Z5xBmRaq
                                                                                                  MD5:ACF82EE47549FDC386D02768992A49AD
                                                                                                  SHA1:DE7B617C2D6C095FF286235E6CF64C328DA1A4BF
                                                                                                  SHA-256:CD0D0B6E50FF01FF2F3A9A70D7CFB66A7C6CB9ACF7A566325568BE6D3BD31FC4
                                                                                                  SHA-512:2D0F7B71A99AAFF94E9624FF32A8DC42CE645A0CBA433FDC091CF34735027EFD1FA2DB024C2F591D768F426255F17BBF3D500B7C967B0437B3979956DFFA81C6
                                                                                                  Malicious:false
                                                                                                  URL:https://cdn.jsdelivr.net/npm/cookieconsent@3.1.1/build/cookieconsent.min.css
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):5672
                                                                                                  Entropy (8bit):4.753085906702781
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:rzJaNHJtaTSJOR2M4SbkXf047E9D7r61NE:R4amJg4e3cZU
                                                                                                  MD5:2560705DEF64A83880F3BB5E0C1231AA
                                                                                                  SHA1:751D82AEF322FBAC8D4B0A9C959783A7594F6A84
                                                                                                  SHA-256:5F8A65914DAD6AD7F864F9E5800523CB2F96B8EFB587C029D4DADDF0A9BCD8EB
                                                                                                  SHA-512:3D7947DB12EDC2AF09FB4B9B7ADDD00499DD2CEFD1B7C0CFFEF11D8C772B45ACDFD0EF675D5562C33713557F1EEAECC55B8C907925193B3118064C686D6CE3D6
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/site/extension/err-img.svg
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):1370
                                                                                                  Entropy (8bit):4.561991923903979
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:t4YrpNIitAUdstleUWI7uvnBJu5NcZBoLo4tBRzWgO9zOHaLdpahC2UkEH6Cff:lmq7zB8WgO9zGu2pUjaC3
                                                                                                  MD5:E071FDCE8A65F38DC579DAF848D80AC9
                                                                                                  SHA1:0221A3201D9C170ACC362331101A3C46F5765F0D
                                                                                                  SHA-256:F8C7C364D72D2E8F699E8770EC94A0BE7A0F18A0F5B30904FF594308C3CDEA3D
                                                                                                  SHA-512:DC127B77B15D3EF3C53F0929A84D287F821E8E0A27277B3FEA6ED76F5B293A502057F641CEC2C009E67A6CD5AECB199BA1DDFDFD2834CB59330E9BF84C58ABB2
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/site/icons/browsers/vivaldi.svg
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):6664
                                                                                                  Entropy (8bit):4.480339382553776
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:4vTJQxyS7UBW7VXxlLVIIQ4FUf36ix4if0c:4vTJQVBxDg/gc0c
                                                                                                  MD5:41941E0CF9D326FB80D23912D6A0398E
                                                                                                  SHA1:1E5C082FA1DC87D0BD1E0ED1F8C05DB4B1FC557F
                                                                                                  SHA-256:E95FC32B39FC05DEF9509871FE71DFD14B687D693848C635F31C798F2D6A34D6
                                                                                                  SHA-512:5B51284DFA384DB502E2CD552E4493B17AF9C3327FEE093D0C2BD45CA03065588A1A1F70644B49642D7543C0B48C1B57E0F153D4291AF1250B145FD61501B24D
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/ext-install-bg-e95fc32b.svg
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 80148, version 331.17301
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):80148
                                                                                                  Entropy (8bit):7.997312972445432
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:1536:RzTGdimix2Wk4COoesKvwaBf3vZRLYVQGfyhPg8JJgR+nIHEMeYuF83uxzMLg31:RfGdimk2Wk4CPevvr5R24/JaMIHE2uFF
                                                                                                  MD5:C500DA19D776384BA69573AE6FE274E7
                                                                                                  SHA1:6290834672ABA86D5B6C1C73B30B57C9C53996F7
                                                                                                  SHA-256:CFE3B7382E477059DA11BE2099914B94F0E2A4F08240C60542C376957B8D9658
                                                                                                  SHA-512:E7391F2B8D8ACD4B82F64927ED98ACC863E09AB4330D46094D548DB9C55E23291304F9B35BC58AE4B175327C786CBC8CA568DBEA110938AB8AA3251CACCF5C8C
                                                                                                  Malicious:false
                                                                                                  URL:https://use.fontawesome.com/releases/v5.14.0/webfonts/fa-solid-900.woff2
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:ASCII text, with very long lines (58749)
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):58935
                                                                                                  Entropy (8bit):4.71737763289683
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:qEC31IPiyXNq4/xBowbHJmkwFR/sMQyYJYX9BftF5Qzl:qEPPxXE4/XJH8dF+fy9ltkB
                                                                                                  MD5:84D8AD2B4FCDC0F0C58247E778133B3A
                                                                                                  SHA1:6F33EAE92D42FE209167139940A0AD6A3C6C167E
                                                                                                  SHA-256:14CBD9B866A9B092E3A2E03A93B128DA5BACA005FD8B44A1956146EAAB7B48B7
                                                                                                  SHA-512:D4F28E808639F7127C0A8F3E344E8567E2CE0192A3CBE298F22AB41B80770B2798EB0607377CADF4F5B45E94AB8959643177B8D0F4CA9D7ACB9D9F7E7E40DAA2
                                                                                                  Malicious:false
                                                                                                  URL:https://use.fontawesome.com/releases/v5.14.0/css/all.css
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):446
                                                                                                  Entropy (8bit):7.1070540525310815
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7m/6TxylazA7PBk4r3AjGi3wP+r89JZX9lO:b/6dgazABprwjsP+r87ZNlO
                                                                                                  MD5:D909FF1434128340008455D23A24FBED
                                                                                                  SHA1:B3469B660FB2CC967CC924D22058A2952BE50FE4
                                                                                                  SHA-256:2629DE759DD340F44743175BB4510AA6D438A37E3D94E079D2AA4E6032F71DE9
                                                                                                  SHA-512:09C6D29836B6ECE202C7AFC4CF586111721141EA1CED5B0900B9B80AA162D3EF644B18B6042C6B16456C8D2BD74B3C46639EF5A46033DEBAFDD32BF72CC92250
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/locales/fr.png
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1370
                                                                                                  Entropy (8bit):4.561991923903979
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:t4YrpNIitAUdstleUWI7uvnBJu5NcZBoLo4tBRzWgO9zOHaLdpahC2UkEH6Cff:lmq7zB8WgO9zGu2pUjaC3
                                                                                                  MD5:E071FDCE8A65F38DC579DAF848D80AC9
                                                                                                  SHA1:0221A3201D9C170ACC362331101A3C46F5765F0D
                                                                                                  SHA-256:F8C7C364D72D2E8F699E8770EC94A0BE7A0F18A0F5B30904FF594308C3CDEA3D
                                                                                                  SHA-512:DC127B77B15D3EF3C53F0929A84D287F821E8E0A27277B3FEA6ED76F5B293A502057F641CEC2C009E67A6CD5AECB199BA1DDFDFD2834CB59330E9BF84C58ABB2
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                                                  Category:dropped
                                                                                                  Size (bytes):43
                                                                                                  Entropy (8bit):2.7374910194847146
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:CU9yltxlHh/:m/
                                                                                                  MD5:DF3E567D6F16D040326C7A0EA29A4F41
                                                                                                  SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
                                                                                                  SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
                                                                                                  SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1186
                                                                                                  Entropy (8bit):4.341707257905637
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:tajutMMBCWXQAoGTXqoTOIanFDQFu5L5SxNtM0CtdM+DMhQbQ7e:M3sXqcOIanFDQFeTjM+DOQEq
                                                                                                  MD5:440744A2070C72A205C7FBA19A3F4C1E
                                                                                                  SHA1:82C7A4716B9B3A02291FE6047278B627C3A206A7
                                                                                                  SHA-256:A2D6BEF7F033164E5DBA1D45C527A13C2C7879181430F45141D60D9EA32D5947
                                                                                                  SHA-512:9B7A75497A7899D571B87A14E040E0F7CC641509A633E6ED926893E41562322F9B9C1D8E924B580EE63AEE0377B9CEE9E0B7213BFC6DFB9A8D3D2A857DD425E4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):391
                                                                                                  Entropy (8bit):6.964371494627847
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7m/6TDgNqlG5iCetTI+R+z7cMXryVz:b/6oniCyT5RQ4MXryh
                                                                                                  MD5:DCD25169B6A324680CE95B55D0C944EC
                                                                                                  SHA1:E1C3BE22E1A0BB8A267EE3764AAB1292B515CDAD
                                                                                                  SHA-256:3F8384A63BB1864DB0F883BAF0159573FFE7D7E2107AD736423869260CC51262
                                                                                                  SHA-512:217BE6672D66FE18090540BA39B1A1E2A9743229D37AEF3ACD82336691776A6DF1E5EE88923BEC47FA3E624C25B91879203243461553AA5FEA79FF138194C5F4
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/locales/de.png
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                                                  Category:dropped
                                                                                                  Size (bytes):43
                                                                                                  Entropy (8bit):2.7374910194847146
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:CU9yltxlHh/:m/
                                                                                                  MD5:DF3E567D6F16D040326C7A0EA29A4F41
                                                                                                  SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
                                                                                                  SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
                                                                                                  SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (37189)
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):81513
                                                                                                  Entropy (8bit):5.416044193221224
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:f8sZcdAP9uAm79crM7CI+WG2QglkFfLjJKI8oN:LZf1uAm5+mG2QgyHJKNY
                                                                                                  MD5:A3638F2D5EFB7DC27937B720EE712378
                                                                                                  SHA1:3F3A57AA03B9C2F68E4C1392374332EC83D5BE43
                                                                                                  SHA-256:44E9EF467248A902C255894760B117C57E5C650670EE51BA64F03DFFB287AA5B
                                                                                                  SHA-512:13C895171B6E6130229A3BD2D55D60FEAEA67ECAE3AF8A869E82C50B2567FCFE159B31C25133AAD4FE1DF09B70AF70C303C63A0AA7B7967E46B6B2309918DB4B
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/createPopper-ba0d1474.js
                                                                                                  Preview:import{c as jt,g as ds,p as Mo}from"./shim-ef4d8a0d.js";var ti={exports:{}};/**. * @license. * Lodash <https://lodash.com/>. * Copyright OpenJS Foundation and other contributors <https://openjsf.org/>. * Released under MIT license <https://lodash.com/license>. * Based on Underscore.js 1.8.3 <http://underscorejs.org/LICENSE>. * Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors. */ti.exports;(function(f,a){(function(){var i,p="4.17.21",h=200,g="Unsupported core-js use. Try https://npms.io/search?q=ponyfill.",R="Expected a function",E="Invalid `variable` option passed into `_.template`",m="__lodash_hash_undefined__",C=500,A="__lodash_placeholder__",I=1,J=2,P=4,S=1,K=2,F=1,Y=2,re=4,V=8,B=16,M=32,$=64,k=128,fe=256,se=512,ce=30,_e="...",Fe=800,we=16,pn=1,yn=2,Ee=3,de=1/0,Ne=9007199254740991,An=17976931348623157e292,bn=0/0,Le=4294967295,jn=Le-1,pt=Le>>>1,Wn=[["ary",k],["bind",F],["bindKey",Y],["curry",V],["curryRight",B],["flip",se],["partial",M],["partialRight",$
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):1186
                                                                                                  Entropy (8bit):4.341707257905637
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:tajutMMBCWXQAoGTXqoTOIanFDQFu5L5SxNtM0CtdM+DMhQbQ7e:M3sXqcOIanFDQFeTjM+DOQEq
                                                                                                  MD5:440744A2070C72A205C7FBA19A3F4C1E
                                                                                                  SHA1:82C7A4716B9B3A02291FE6047278B627C3A206A7
                                                                                                  SHA-256:A2D6BEF7F033164E5DBA1D45C527A13C2C7879181430F45141D60D9EA32D5947
                                                                                                  SHA-512:9B7A75497A7899D571B87A14E040E0F7CC641509A633E6ED926893E41562322F9B9C1D8E924B580EE63AEE0377B9CEE9E0B7213BFC6DFB9A8D3D2A857DD425E4
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/site/icons/ios.svg
                                                                                                  Preview:<svg width="22" height="22" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M5.5 2.332h10.904A3.368 3.368 0 0119.772 5.7v10.793a3.368 3.368 0 01-3.368 3.369H5.5a3.368 3.368 0 01-3.368-3.369V5.7A3.368 3.368 0 015.5 2.332zM.396 5.7A5.103 5.103 0 015.5.597h10.904A5.103 5.103 0 0121.508 5.7v10.793a5.103 5.103 0 01-5.104 5.104H5.5a5.103 5.103 0 01-5.104-5.104V5.7zm5.025 8.718h-1.14V9.584h1.14v4.834zm.062-6.084a.619.619 0 01-.631.618.619.619 0 110-1.236c.357 0 .631.275.631.618zm.59 2.788c0-2.088 1.21-3.392 3.125-3.392s3.124 1.304 3.124 3.392c0 2.1-1.209 3.405-3.124 3.405-1.916 0-3.124-1.304-3.124-3.405zm5.047 0c0-1.463-.748-2.403-1.922-2.403s-1.916.94-1.916 2.403c0 1.476.742 2.403 1.916 2.403s1.922-.927 1.922-2.403zm4.237 3.405c-1.525 0-2.506-.748-2.554-1.957h1.14c.068.612.679 1.003 1.476 1.003.796 0 1.345-.391 1.345-.94 0-.481-.336-.75-1.167-.948l-.851-.2c-1.216-.274-1.786-.858-1.786-1.798 0-1.167 1.017-1.957 2.445-1.957 1.455 0 2.41.783 2.437
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):391
                                                                                                  Entropy (8bit):6.964371494627847
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7m/6TDgNqlG5iCetTI+R+z7cMXryVz:b/6oniCyT5RQ4MXryh
                                                                                                  MD5:DCD25169B6A324680CE95B55D0C944EC
                                                                                                  SHA1:E1C3BE22E1A0BB8A267EE3764AAB1292B515CDAD
                                                                                                  SHA-256:3F8384A63BB1864DB0F883BAF0159573FFE7D7E2107AD736423869260CC51262
                                                                                                  SHA-512:217BE6672D66FE18090540BA39B1A1E2A9743229D37AEF3ACD82336691776A6DF1E5EE88923BEC47FA3E624C25B91879203243461553AA5FEA79FF138194C5F4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 115780, version 1.0
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):65166
                                                                                                  Entropy (8bit):7.996866388988442
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:1536:jXWfTjaF+5wDc02zxb9iIIW63bSPys2U/C:jGfQ+5wD52db9inWu9TUq
                                                                                                  MD5:28579964A58D213D0E8926CA866236DC
                                                                                                  SHA1:97B3A83FF4124332AF7D98D19F447AEE50643F0F
                                                                                                  SHA-256:9F8E569AE4163AE2C207017F42E9F1AD40F28DD4B96E4AF5D9485A807471A676
                                                                                                  SHA-512:5A915B65F5E014E1C8EA0BA8C16D4B408724C81A0E356545CD311152EB29488C3FC1BA5951DDAC7FD42601F1A6B6FC4ED2D54378C84309E1786A1A56796CFB22
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/Ubuntu-Light-787540b9.woff2
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                  Category:dropped
                                                                                                  Size (bytes):34494
                                                                                                  Entropy (8bit):4.506600233721794
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:39bQNZj3cvbFgzeKekm54MvTeYyaGaEV33m2ypTWSeWei:tql3bty6MvTelaGNmVBR
                                                                                                  MD5:6EC5465D42C5016CEB77B1156C68FDAA
                                                                                                  SHA1:26990B48F120D808B6200FCE342E4F11C0627B17
                                                                                                  SHA-256:54F345B9A1C91D3206B612E8CFC4512EBADB66E51D9422524AABE3E176BBBF00
                                                                                                  SHA-512:D46FF9B7E855D5B6D72313DC1BD6F8332ED9C71498F4E0DCB3526C06DB3C94E91B609134004E65EBA27852361544481C07B5279D4A05C702ED064AD9E10CA53E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:ASCII text, with very long lines (23031)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):26239
                                                                                                  Entropy (8bit):5.457910804415624
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:7mNvc0UCqIxSWlDW0D+bH3zWA3WWj11gqhoy6DBuQm9LUks26Kf4hJ85H3XRXajM:wLSWly0qWgXDEJKNaj9vHqT1MpR//at5
                                                                                                  MD5:81D1E10896350DABE0160F3C2D72F669
                                                                                                  SHA1:F1E1860867ABF94608CDC366A2C6F8C3FF871064
                                                                                                  SHA-256:2CFC42E8B1242677EB8B2784A8A2BB7C0A1E43549C8869DAA3AC091EC0E8C116
                                                                                                  SHA-512:932BBB4FD1EBF70EA12D98587508D511ECD8F33BEDF3F6587DA27B8AA907A56519BBEA759016824C585B8446101C50A952FB01914E2A875E1F0A20D825E31A7A
                                                                                                  Malicious:false
                                                                                                  Preview:var zr=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function Rr(f){return f&&f.__esModule&&Object.prototype.hasOwnProperty.call(f,"default")?f.default:f}function Qr(f){if(f.__esModule)return f;var h=f.default;if(typeof h=="function"){var p=function l(){return this instanceof l?Reflect.construct(h,arguments,this.constructor):h.apply(this,arguments)};p.prototype=h.prototype}else p={};return Object.defineProperty(p,"__esModule",{value:!0}),Object.keys(f).forEach(function(l){var w=Object.getOwnPropertyDescriptor(f,l);Object.defineProperty(p,l,w.get?w:{enumerable:!0,get:function(){return f[l]}})}),p}var Dr={},J={};J.byteLength=Or;J.toByteArray=Yr;J.fromByteArray=Xr;var M=[],I=[],kr=typeof Uint8Array<"u"?Uint8Array:Array,V="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";for(var O=0,Nr=V.length;O<Nr;++O)M[O]=V[O],I[V.charCodeAt(O)]=O;I["-".charCodeAt(0)]=62;I["_".charCodeAt(0)]=63;function pr(f){var h=f.length;if
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 84300, version 1.0
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):65167
                                                                                                  Entropy (8bit):7.9971897757197485
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:1536:MR49B+4rTB/Xubz3StDOvYIV6HnrIw4nwN:Mub+4HpUz3StD/8w3
                                                                                                  MD5:FC8F9148A46349AACE4CC8616B91BD1C
                                                                                                  SHA1:F90EAF02ED2AD07D76175F8167DE2E251942CD36
                                                                                                  SHA-256:92286B342612A1E24269CA92A59B6AA685446175D8131A8793AAA660C7242262
                                                                                                  SHA-512:4F7BF9B5C7144CB29FEDAB6728A870D4BCA7257CB2C741292F3DB43776CC5E7AAF939306BF3EDC78E059B4E2C821F32D4A928B796362EE49603D3C20B10CD3B3
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/Ubuntu-Bold-af2f7500.woff2
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (60902)
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):431958
                                                                                                  Entropy (8bit):5.070357563304237
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:Znb9DfElp1OxdpVqGpz600I4ThLWJKDPltbSFw:Znb9DfEf1KUGpz600I4ThLWJKDjSFw
                                                                                                  MD5:1B1CE8FA00A5AA28DA5CFFE508662EB9
                                                                                                  SHA1:70DE93A915F8BC8CA3C8BE5A655719A062FBA780
                                                                                                  SHA-256:2DFC10EF5F69D85C7B871D14E160C6468FBE605FB62EA452D55DA1F4A474DC87
                                                                                                  SHA-512:42A88A64CBD2329C41F769A1D0F471C864A39215C8458B7EA3BAF03B3E1A82E8EFB2C4E016D0FAF5E5A72808DEABDA462E5036A5BEEEB685BD4712D3E4AF3956
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/app-2dfc10ef.css
                                                                                                  Preview:@charset "UTF-8";@import"https://use.fontawesome.com/releases/v5.14.0/css/all.css";@import"https://fonts.googleapis.com/css?family=Nunito";@font-face{font-family:Roboto;src:url(/build/assets/Roboto-Thin-0c775bcd.woff2) format("woff2"),url(/build/assets/Roboto-Thin-f90b7bde.woff) format("woff");font-weight:100;font-style:normal;font-display:swap}@font-face{font-family:Roboto;src:url(/build/assets/Roboto-ThinItalic-17b0902f.woff2) format("woff2"),url(/build/assets/Roboto-ThinItalic-33986c0c.woff) format("woff");font-weight:100;font-style:italic;font-display:swap}@font-face{font-family:Roboto;src:url(/build/assets/Roboto-Light-b7647a0d.woff2) format("woff2"),url(/build/assets/Roboto-Light-499d4939.woff) format("woff");font-weight:300;font-style:normal;font-display:swap}@font-face{font-family:Roboto;src:url(/build/assets/Roboto-LightItalic-97bcbcd5.woff2) format("woff2"),url(/build/assets/Roboto-LightItalic-cac1d391.woff) format("woff");font-weight:300;font-style:italic;font-display:swap}@
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):10555
                                                                                                  Entropy (8bit):4.924130152282198
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:hVoKHxdN+mVlE8T56lqfwFAvyHE1wx3qY8a+S3qvvZGwnXb0fwuVbmAvjP:/oKHxdN+AlEA5eSvy+cqvvZrX6jvjP
                                                                                                  MD5:AE26C465C07A51369C5EA0D5E9B8044D
                                                                                                  SHA1:B2D27B096C5CCB39D6933ED4D79351236EB072C0
                                                                                                  SHA-256:F5EF8701BEAEFE307066349391DACFF5398D5747008BDA93153EF2E7A9361CB0
                                                                                                  SHA-512:D910EBC3F68A55C4D6040498D19B741E1AF5A65FDC35669CC686D240C028A8A47262DC54D2A28CED5650F27CCFCD9DC780B7F5BAB1326B014E85597F18BB037E
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/site/icons/browsers/firefox.svg
                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 77.42 79.97"><defs><radialGradient id="b" cx="-7907" cy="-8515" r="80.8" gradientTransform="translate(7974 8524)" gradientUnits="userSpaceOnUse"><stop offset=".129" stop-color="#ffbd4f"/><stop offset=".186" stop-color="#ffac31"/><stop offset=".247" stop-color="#ff9d17"/><stop offset=".283" stop-color="#ff980e"/><stop offset=".403" stop-color="#ff563b"/><stop offset=".467" stop-color="#ff3750"/><stop offset=".71" stop-color="#f5156c"/><stop offset=".782" stop-color="#eb0878"/><stop offset=".86" stop-color="#e50080"/></radialGradient><radialGradient id="c" cx="-7937" cy="-8482" r="80.8" gradientTransform="translate(7974 8524)" gradientUnits="userSpaceOnUse"><stop offset=".3" stop-color="#960e18"/><stop offset=".351" stop-color="#b11927" stop-opacity=".74"/><stop offset=".435" stop-color="#db293d" stop-opacity=".343"/><stop offset=".497" stop-color="#f5334b" stop-opacity=".094"/><stop offset=".53" stop-color="#ff3750" stop-opacity="0"/>
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 65916, version 1.0
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):65916
                                                                                                  Entropy (8bit):7.996241088127611
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:1536:nAwBjS40rROWAAffkRf+aFDExB8+m+bHvYc3uezUAAxmn:AQh0ymaFDypmcHvhumUAA0n
                                                                                                  MD5:9FEB0110B6DFF9EE2B9EBD17F7A1AEE6
                                                                                                  SHA1:90BBE308A02D7CDA492E3BEB1A6091809B8F35C8
                                                                                                  SHA-256:8CEF08634DC57D6519717C5A99A9E502BDC96586FE64770520A4820B0B089920
                                                                                                  SHA-512:E5B4C7643A1E2F3C134D2A0A4E08922D01EEDB5CF7F463E885D58167F438CB1745D16ACA2E455733F59AC5B63D85D4A34EFB37D86281FB51273569A3E35D7085
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/Roboto-Regular-8cef0863.woff2
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):370
                                                                                                  Entropy (8bit):7.121682770387952
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPWKeqZyhH09qRiYWWx1mOZSRZJxuUhMlVsw13tk+zyQXlpi2i2Kp:6v/7blYhUwRiY36OsRBuiMPsw1G+zllY
                                                                                                  MD5:A1013A5DEC5ACDEB194692116F7CDAF4
                                                                                                  SHA1:FDE4385BCD86FEE68866EA16D28CB2E22763F9A6
                                                                                                  SHA-256:06F7DE4F6E0EA2D30163740B26B70795AA80214E25F6A7772BEB2B2DCF3FD1A4
                                                                                                  SHA-512:F7A43B9E1D88D7176E2D750FD16BDFFA8FE0AD19CD7F8498847268750158FC3255B1B56F570E3B00CACC69919516456980B5E7E75A2A7FBDEB6FB27CAB74F08B
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/locales/uk.png
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):8266
                                                                                                  Entropy (8bit):4.533358344608409
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:+p3Kd7FJaws2ecMeVD7XA5Iw5juPHMG0XdoX3xJaygcESJ9M7bi3hqR3K7MAfUe2:9wr5ISjuPsG0XdIJESJa3i3kQlzM
                                                                                                  MD5:9F71A8985F4B4E8D302DD40519EE7589
                                                                                                  SHA1:E5D0B8A80C9CD76AEFF1C83BF5771E35B2A79359
                                                                                                  SHA-256:94D1DBF3CC0B71848F443C39F208938F07A30B247CCEB6383B36174503A2B9B0
                                                                                                  SHA-512:898CFB6DE0296FA43A46C21B2A3A8DA232AFD2AC8E6A093DDE5CB93B661AE461FEA8D11B3CFF44E14253A4492440E124695619830329B7DFF425E258131E6B89
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/site/icons/browsers/safari.svg
                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 66.166 65.804"><defs><linearGradient id="b"><stop offset="0" stop-color="#06c2e7"/><stop offset=".25" stop-color="#0db8ec"/><stop offset=".5" stop-color="#12aef1"/><stop offset=".75" stop-color="#1f86f9"/><stop offset="1" stop-color="#107ddd"/></linearGradient><linearGradient id="a"><stop offset="0" stop-color="#bdbdbd"/><stop offset="1" stop-color="#fff"/></linearGradient><linearGradient xlink:href="#a" id="d" x1="412.975" x2="412.975" y1="237.608" y2="59.392" gradientTransform="translate(206.79 159.773) scale(.35154)" gradientUnits="userSpaceOnUse"/><filter id="f" width="1.042" height="1.045" x="-.021" y="-.022" color-interpolation-filters="sRGB"><feGaussianBlur stdDeviation=".958"/></filter><filter id="c" width="1.096" height="1.096" x="-.048" y="-.048" color-interpolation-filters="sRGB"><feGaussianBlur stdDeviation="3.564"/></filter><radialGradient xlink:href="#b" id="e" cx="413.061" cy=
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):591
                                                                                                  Entropy (8bit):7.294484866286106
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7m/6TBd52rUSH1CqWmGBRPQ6JDqsJev0fyNNFU29lSg9db1Nzyz:b/61irUgCqWmYPQ6JDqMev0CFU6EydxO
                                                                                                  MD5:7E0C7E1FAE4EEE4DB89B240F1782A87B
                                                                                                  SHA1:4BE7D407D53EED7D17BB27A28CAC78CFCDDAEDD7
                                                                                                  SHA-256:095A1CD83EADD88D14C4C2EA3FA2E3DEB83BD1BAD748016A408F96242E4AC527
                                                                                                  SHA-512:F23B1D151F4A7D512A16E8D731174AD73316DD6C296E837D8B3CCEDBE40D1624533872495663C5183579315903CB80F75016C77BF3BAB63517E94D8C70A06AFB
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/locales/pt.png
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4093
                                                                                                  Entropy (8bit):4.979920058615477
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:O84kp6cgmC1NvACu8EHi3u8EH99pR3dQapR3dOdwsw8:sk/Ci8uie8u99pRNQapRNOdwsw8
                                                                                                  MD5:500A4C15993CEAD09BA4B8D840F18A26
                                                                                                  SHA1:32CD0834ACB05B829ED4CD1DC210E163CBC3D0EE
                                                                                                  SHA-256:03CB60F63C1A5F6816870A3DAEB9F87245B1526364295ECB939A2B25B83C2E83
                                                                                                  SHA-512:3FC747FBC0CB954CA28E3336C2DD56784984948A27275D831DABF5B8CC7E042FC21FF08DE796C04EE827D17CB6C3D6B900BE87C210B3E10B57F9EBDFCE06F9DF
                                                                                                  Malicious:false
                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 256 256"><defs><radialGradient id="b" cx="161.83" cy="68.91" r="95.38" gradientTransform="matrix(1 0 0 -.95 0 248.84)" gradientUnits="userSpaceOnUse"><stop offset=".72" stop-opacity="0"/><stop offset=".95" stop-opacity=".53"/><stop offset="1"/></radialGradient><radialGradient id="d" cx="-340.29" cy="62.99" r="143.24" gradientTransform="matrix(.15 -.99 -.8 -.12 176.64 -125.4)" gradientUnits="userSpaceOnUse"><stop offset=".76" stop-opacity="0"/><stop offset=".95" stop-opacity=".5"/><stop offset="1"/></radialGradient><radialGradient id="e" cx="113.37" cy="570.21" r="202.43" gradientTransform="matrix(-.04 1 2.13 .08 -1179.54 -106.69)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#35c1f1"/><stop offset=".11" stop-color="#34c1ed"/><stop offset=".23" stop-color="#2fc2df"/><stop offset=".31" stop-color="#2bc3d2"/><stop offset=".67" stop-color="#36c752"/></radialGradient><radialGradient id="f" cx="376.52" cy="567.97" r="97.34"
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1493
                                                                                                  Entropy (8bit):4.97308086662997
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:tcS/VjQHxlqGu2GPGvGmxfHxlqGoG0GP65xlFispPRULfVKraphG7gslMcCTMJAg:2SGHhuh+e4Hhb/P6NFisjULAGphOfCTI
                                                                                                  MD5:8F62BCF4556C3148B14240D76E56A721
                                                                                                  SHA1:B51A11F4E2629FF6299C8592BA61EC4323838CF3
                                                                                                  SHA-256:BBB06F24A40BFB54B7EAFDC6FF06EB7320B219FF9E890A418C741287257A5C6A
                                                                                                  SHA-512:4C5699234721B3B39B48B8F141E4937DC6E717B39873FE261A30B918DD7B1F78D09A1ACBDA2B3EF753737EE0C7D3062C547CE82AA9CA384B29C19A5A19F5BBF0
                                                                                                  Malicious:false
                                                                                                  Preview:<svg viewBox="0 0 75.591 75.591" xmlns="http://www.w3.org/2000/svg"><linearGradient id="a" gradientTransform="matrix(0 -54.944 -54.944 0 23.62 79.474)" gradientUnits="userSpaceOnUse" x2="1"><stop offset="0" stop-color="#ff1b2d"/><stop offset=".3" stop-color="#ff1b2d"/><stop offset=".614" stop-color="#ff1b2d"/><stop offset="1" stop-color="#a70014"/></linearGradient><linearGradient id="b" gradientTransform="matrix(0 -48.595 -48.595 0 37.854 76.235)" gradientUnits="userSpaceOnUse" x2="1"><stop offset="0" stop-color="#9c0000"/><stop offset=".7" stop-color="#ff4b4b"/><stop offset="1" stop-color="#ff4b4b"/></linearGradient><path d="M28.346 80.398C12.691 80.398 0 67.707 0 52.052 0 36.85 11.968 24.443 26.996 23.739a28.244 28.244 0 0120.241 7.18c-3.322-2.203-7.207-3.47-11.359-3.47-6.75 0-12.796 3.348-16.862 8.629-3.134 3.7-5.164 9.169-5.302 15.307v1.335c.138 6.137 2.168 11.608 5.302 15.307 4.066 5.28 10.112 8.63 16.862 8.63 4.152 0 8.038-1.269 11.36-3.474a28.239 28.239 0 01-18.785 7.215l-.108.0
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (384)
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):11486
                                                                                                  Entropy (8bit):4.403969050441549
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:2661K2ySfFbLe7pVTOqdp4N6OIduJa9N83hTR9LOFSSOpQIY1o:2UWgduJDBdpQIY6
                                                                                                  MD5:0F5889129C5B4EF6E04ACEDB80DDFC5D
                                                                                                  SHA1:316B96792F8F10EF745949BF9FC6290043148335
                                                                                                  SHA-256:55AB8274E8C48657AF4251C331F214CD4714F700D5460EA6402682107274D0AF
                                                                                                  SHA-512:7DC3D96A64FCC4D18D88515ED51274310D9075E4CFC53B6171C60305FC462E038ACAF4B4D7E40684C3796445EC95D6AA2FC8F7E80CEB3B0F377490C93C0A0B71
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/en/extension-thankyou
                                                                                                  Preview:<!doctype html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="csrf-token" content="zwonzUqaoQlHY31izJolgAZYMA8cZwEzlq8vzhPB" />. <meta name="yandex-verification" content="269cc19acbdd3134" />.. <meta name="og:title" content="open graph title">. <meta name="og:image" content="open graph image">.. <title>MultiPassword</title>.. <meta name="robots" content="noindex,nofollow" />. <link rel="preload" as="style" href="https://multipassword.com/build/assets/app-2dfc10ef.css" /><link rel="stylesheet" href="https://multipassword.com/build/assets/app-2dfc10ef.css" />. <script type="text/javascript">. window.$ = null;. </script>.</head>.. <body class="ext-install">. <div class="container-xl ext-install__inner">. <div class="col-auto ext-install__right">. <div class="ext-install__push">. <div class="ext-install__error">.
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):493
                                                                                                  Entropy (8bit):7.220417912656917
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7m/6TPkZAQ7YhcZNKCdQGvvLP1h5vBeEo6UNN:b/6Ls7YkviGvD/FBeEo6a
                                                                                                  MD5:E60A13AADBB4635DF6189C6B283C62AE
                                                                                                  SHA1:701C17ADF80289BD820AD8ABAA89EC76BB4BA0A0
                                                                                                  SHA-256:EFBF0CF75D4B00BD5A0891A4DE84EE10BD4DC6BDC7E2D33841D37FDF51263F8C
                                                                                                  SHA-512:CBABEE71CDE892AE1CBD6FDD0C005E0AA2471D4608DFCAD02186EB1F375A955B4FCBE22E0F8256E09FD51FABED956F84A284ABE963F8BD99EAB03BF2DCC6650D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):370
                                                                                                  Entropy (8bit):7.121682770387952
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPWKeqZyhH09qRiYWWx1mOZSRZJxuUhMlVsw13tk+zyQXlpi2i2Kp:6v/7blYhUwRiY36OsRBuiMPsw1G+zllY
                                                                                                  MD5:A1013A5DEC5ACDEB194692116F7CDAF4
                                                                                                  SHA1:FDE4385BCD86FEE68866EA16D28CB2E22763F9A6
                                                                                                  SHA-256:06F7DE4F6E0EA2D30163740B26B70795AA80214E25F6A7772BEB2B2DCF3FD1A4
                                                                                                  SHA-512:F7A43B9E1D88D7176E2D750FD16BDFFA8FE0AD19CD7F8498847268750158FC3255B1B56F570E3B00CACC69919516456980B5E7E75A2A7FBDEB6FB27CAB74F08B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:ASCII text, with very long lines (20693), with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20693
                                                                                                  Entropy (8bit):5.221524818135381
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:su2RhC5FdpyTyzjnoLGafxwIrOVqyDRflvejwhIrYWz7fxS4oQ7yZE0NRwaoJMCN:V2RhCCWzjoaafxwD8rY87fxS447RRtCN
                                                                                                  MD5:4A48532BF0B17C058B8B6854F49DE23F
                                                                                                  SHA1:9CBADA4BD617C86C638CF2EBDDEC724AD596907B
                                                                                                  SHA-256:E55842A856A6D829FECA3C3AD736C136B6C7549E9247274F78AA296259E06E24
                                                                                                  SHA-512:C975EA3858DD8C7347D46343FB510ED236EFBDE6C0069CC6283EBA7639D47E22A560C1391C6314247A0269E1380F93D31B662C4897FA770AB2514BD0BD2D2F68
                                                                                                  Malicious:false
                                                                                                  Preview:!function(e){if(!e.hasInitialised){var t={escapeRegExp:function(e){return e.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,"\\$&")},hasClass:function(e,t){var i=" ";return 1===e.nodeType&&(i+e.className+i).replace(/[\n\t]/g,i).indexOf(i+t+i)>=0},addClass:function(e,t){e.className+=" "+t},removeClass:function(e,t){var i=new RegExp("\\b"+this.escapeRegExp(t)+"\\b");e.className=e.className.replace(i,"")},interpolateString:function(e,t){return e.replace(/{{([a-z][a-z0-9\-_]*)}}/gi,function(e){return t(arguments[1])||""})},getCookie:function(e){var t=("; "+document.cookie).split("; "+e+"=");return t.length<2?void 0:t.pop().split(";").shift()},setCookie:function(e,t,i,n,o,s){var r=new Date;r.setHours(r.getHours()+24*(i||365));var a=[e+"="+t,"expires="+r.toUTCString(),"path="+(o||"/")];n&&a.push("domain="+n),s&&a.push("secure"),document.cookie=a.join(";")},deepExtend:function(e,t){for(var i in t)t.hasOwnProperty(i)&&(i in e&&this.isPlainObject(e[i])&&this.isPlainObject(t[i])?this.deepExtend(e[
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3476
                                                                                                  Entropy (8bit):4.490684407482483
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:nKLoh1O7upORE0XU7jmGtMd6tqeJccXbezQm6nfjTsPvvOBSih12ncH/7JS02ON9:tPvtMd6QeJPrGAnfjTivE2cHTR2On
                                                                                                  MD5:4266F2413C54AC74896E0D0427D9B210
                                                                                                  SHA1:AB507F289128127E73A351BBFBD84B1F4B7F7430
                                                                                                  SHA-256:44E7644D73C0CCE77BF29C2A316EE671788BC7A3635106ACA7E311B06C0824AF
                                                                                                  SHA-512:89B15574F327FA7352B0D424FFA42FA129FB277E8A55083FE5AB067E8A6ABF84F0369F1048223B8AD65525F759F1D0D25302944AAC76E8B0A4D2657F216FB816
                                                                                                  Malicious:false
                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid" viewBox="0 0 256 301"><defs><linearGradient id="a" x1="0%" x2="100.097%" y1="50.018%" y2="50.018%"><stop offset="0%" stop-color="#FFF"/><stop offset="14.13%" stop-color="#FFF" stop-opacity=".958"/><stop offset="100%" stop-color="#FFF" stop-opacity=".7"/></linearGradient><linearGradient id="b" x1="-.039%" x2="100%" y1="49.982%" y2="49.982%"><stop offset="0%" stop-color="#F1F1F2"/><stop offset="9.191%" stop-color="#E4E5E6"/><stop offset="23.57%" stop-color="#D9DADB"/><stop offset="43.8%" stop-color="#D2D4D5"/><stop offset="100%" stop-color="#D0D2D3"/></linearGradient></defs><path fill="#F15A22" d="M256 97.1L246.7 72l6.4-14.4c.8-1.9.4-4-1-5.5l-17.5-17.7c-7.7-7.7-19.1-10.4-29.4-6.8l-4.9 1.7-26.8-29-45.3-.3h-.3L82.3.4 55.6 29.6l-4.8-1.7c-10.4-3.7-21.9-1-29.6 6.9l-17.8 18c-1.2 1.2-1.5 2.9-.9 4.4l6.7 15L0 97.3 6 120l27.2 103.3c3.1 11.9 10.3 22.3 20.4 29.5 0 0 33 23.3 65.5 44.4 2.9 1.9 5.9 3.2 9.1 3.2 3.2 0 6.2-1.3 9.1-3.2
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):446
                                                                                                  Entropy (8bit):7.1070540525310815
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7m/6TxylazA7PBk4r3AjGi3wP+r89JZX9lO:b/6dgazABprwjsP+r87ZNlO
                                                                                                  MD5:D909FF1434128340008455D23A24FBED
                                                                                                  SHA1:B3469B660FB2CC967CC924D22058A2952BE50FE4
                                                                                                  SHA-256:2629DE759DD340F44743175BB4510AA6D438A37E3D94E079D2AA4E6032F71DE9
                                                                                                  SHA-512:09C6D29836B6ECE202C7AFC4CF586111721141EA1CED5B0900B9B80AA162D3EF644B18B6042C6B16456C8D2BD74B3C46639EF5A46033DEBAFDD32BF72CC92250
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):1493
                                                                                                  Entropy (8bit):4.97308086662997
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:tcS/VjQHxlqGu2GPGvGmxfHxlqGoG0GP65xlFispPRULfVKraphG7gslMcCTMJAg:2SGHhuh+e4Hhb/P6NFisjULAGphOfCTI
                                                                                                  MD5:8F62BCF4556C3148B14240D76E56A721
                                                                                                  SHA1:B51A11F4E2629FF6299C8592BA61EC4323838CF3
                                                                                                  SHA-256:BBB06F24A40BFB54B7EAFDC6FF06EB7320B219FF9E890A418C741287257A5C6A
                                                                                                  SHA-512:4C5699234721B3B39B48B8F141E4937DC6E717B39873FE261A30B918DD7B1F78D09A1ACBDA2B3EF753737EE0C7D3062C547CE82AA9CA384B29C19A5A19F5BBF0
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/site/icons/browsers/opera.svg
                                                                                                  Preview:<svg viewBox="0 0 75.591 75.591" xmlns="http://www.w3.org/2000/svg"><linearGradient id="a" gradientTransform="matrix(0 -54.944 -54.944 0 23.62 79.474)" gradientUnits="userSpaceOnUse" x2="1"><stop offset="0" stop-color="#ff1b2d"/><stop offset=".3" stop-color="#ff1b2d"/><stop offset=".614" stop-color="#ff1b2d"/><stop offset="1" stop-color="#a70014"/></linearGradient><linearGradient id="b" gradientTransform="matrix(0 -48.595 -48.595 0 37.854 76.235)" gradientUnits="userSpaceOnUse" x2="1"><stop offset="0" stop-color="#9c0000"/><stop offset=".7" stop-color="#ff4b4b"/><stop offset="1" stop-color="#ff4b4b"/></linearGradient><path d="M28.346 80.398C12.691 80.398 0 67.707 0 52.052 0 36.85 11.968 24.443 26.996 23.739a28.244 28.244 0 0120.241 7.18c-3.322-2.203-7.207-3.47-11.359-3.47-6.75 0-12.796 3.348-16.862 8.629-3.134 3.7-5.164 9.169-5.302 15.307v1.335c.138 6.137 2.168 11.608 5.302 15.307 4.066 5.28 10.112 8.63 16.862 8.63 4.152 0 8.038-1.269 11.36-3.474a28.239 28.239 0 01-18.785 7.215l-.108.0
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:ASCII text, with very long lines (20693), with no line terminators
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):20693
                                                                                                  Entropy (8bit):5.221524818135381
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:su2RhC5FdpyTyzjnoLGafxwIrOVqyDRflvejwhIrYWz7fxS4oQ7yZE0NRwaoJMCN:V2RhCCWzjoaafxwD8rY87fxS447RRtCN
                                                                                                  MD5:4A48532BF0B17C058B8B6854F49DE23F
                                                                                                  SHA1:9CBADA4BD617C86C638CF2EBDDEC724AD596907B
                                                                                                  SHA-256:E55842A856A6D829FECA3C3AD736C136B6C7549E9247274F78AA296259E06E24
                                                                                                  SHA-512:C975EA3858DD8C7347D46343FB510ED236EFBDE6C0069CC6283EBA7639D47E22A560C1391C6314247A0269E1380F93D31B662C4897FA770AB2514BD0BD2D2F68
                                                                                                  Malicious:false
                                                                                                  URL:https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):3476
                                                                                                  Entropy (8bit):4.490684407482483
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:nKLoh1O7upORE0XU7jmGtMd6tqeJccXbezQm6nfjTsPvvOBSih12ncH/7JS02ON9:tPvtMd6QeJPrGAnfjTivE2cHTR2On
                                                                                                  MD5:4266F2413C54AC74896E0D0427D9B210
                                                                                                  SHA1:AB507F289128127E73A351BBFBD84B1F4B7F7430
                                                                                                  SHA-256:44E7644D73C0CCE77BF29C2A316EE671788BC7A3635106ACA7E311B06C0824AF
                                                                                                  SHA-512:89B15574F327FA7352B0D424FFA42FA129FB277E8A55083FE5AB067E8A6ABF84F0369F1048223B8AD65525F759F1D0D25302944AAC76E8B0A4D2657F216FB816
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/site/icons/browsers/brave.svg
                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid" viewBox="0 0 256 301"><defs><linearGradient id="a" x1="0%" x2="100.097%" y1="50.018%" y2="50.018%"><stop offset="0%" stop-color="#FFF"/><stop offset="14.13%" stop-color="#FFF" stop-opacity=".958"/><stop offset="100%" stop-color="#FFF" stop-opacity=".7"/></linearGradient><linearGradient id="b" x1="-.039%" x2="100%" y1="49.982%" y2="49.982%"><stop offset="0%" stop-color="#F1F1F2"/><stop offset="9.191%" stop-color="#E4E5E6"/><stop offset="23.57%" stop-color="#D9DADB"/><stop offset="43.8%" stop-color="#D2D4D5"/><stop offset="100%" stop-color="#D0D2D3"/></linearGradient></defs><path fill="#F15A22" d="M256 97.1L246.7 72l6.4-14.4c.8-1.9.4-4-1-5.5l-17.5-17.7c-7.7-7.7-19.1-10.4-29.4-6.8l-4.9 1.7-26.8-29-45.3-.3h-.3L82.3.4 55.6 29.6l-4.8-1.7c-10.4-3.7-21.9-1-29.6 6.9l-17.8 18c-1.2 1.2-1.5 2.9-.9 4.4l6.7 15L0 97.3 6 120l27.2 103.3c3.1 11.9 10.3 22.3 20.4 29.5 0 0 33 23.3 65.5 44.4 2.9 1.9 5.9 3.2 9.1 3.2 3.2 0 6.2-1.3 9.1-3.2
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):1740
                                                                                                  Entropy (8bit):5.452356157068675
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:BOLUxOLz3FZOOOLyckOLSRVc+uaOLDYkN0oD:BOLUxOLzFZOOOLCOLmVc+uaOLDRNn
                                                                                                  MD5:A0F90BB9A346A8027EBC9FBC17B26C3E
                                                                                                  SHA1:A1060221B5794F7EF00A3B95DDAD4642C6817571
                                                                                                  SHA-256:AB535A911215B95D5C4BE7DC2858F6F2CDBFAA716F0395759092BD4D768485CB
                                                                                                  SHA-512:94AC075AED05D842D04A52EE60A83263C4E93D6BFBBF3C1295796DA7F67045D00CDA5747E53F5DE1378F11530EB6C66264480300F5DC56753175D3B5C7F0720B
                                                                                                  Malicious:false
                                                                                                  URL:https://fonts.googleapis.com/css?family=Nunito
                                                                                                  Preview:/* cyrillic-ext */.@font-face {. font-family: 'Nunito';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTk3j77e.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Nunito';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTA3j77e.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* vietnamese */.@font-face {. font-family: 'Nunito';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTs3j77e.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./* latin-ext */.@font-fac
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10555
                                                                                                  Entropy (8bit):4.924130152282198
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:hVoKHxdN+mVlE8T56lqfwFAvyHE1wx3qY8a+S3qvvZGwnXb0fwuVbmAvjP:/oKHxdN+AlEA5eSvy+cqvvZrX6jvjP
                                                                                                  MD5:AE26C465C07A51369C5EA0D5E9B8044D
                                                                                                  SHA1:B2D27B096C5CCB39D6933ED4D79351236EB072C0
                                                                                                  SHA-256:F5EF8701BEAEFE307066349391DACFF5398D5747008BDA93153EF2E7A9361CB0
                                                                                                  SHA-512:D910EBC3F68A55C4D6040498D19B741E1AF5A65FDC35669CC686D240C028A8A47262DC54D2A28CED5650F27CCFCD9DC780B7F5BAB1326B014E85597F18BB037E
                                                                                                  Malicious:false
                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 77.42 79.97"><defs><radialGradient id="b" cx="-7907" cy="-8515" r="80.8" gradientTransform="translate(7974 8524)" gradientUnits="userSpaceOnUse"><stop offset=".129" stop-color="#ffbd4f"/><stop offset=".186" stop-color="#ffac31"/><stop offset=".247" stop-color="#ff9d17"/><stop offset=".283" stop-color="#ff980e"/><stop offset=".403" stop-color="#ff563b"/><stop offset=".467" stop-color="#ff3750"/><stop offset=".71" stop-color="#f5156c"/><stop offset=".782" stop-color="#eb0878"/><stop offset=".86" stop-color="#e50080"/></radialGradient><radialGradient id="c" cx="-7937" cy="-8482" r="80.8" gradientTransform="translate(7974 8524)" gradientUnits="userSpaceOnUse"><stop offset=".3" stop-color="#960e18"/><stop offset=".351" stop-color="#b11927" stop-opacity=".74"/><stop offset=".435" stop-color="#db293d" stop-opacity=".343"/><stop offset=".497" stop-color="#f5334b" stop-opacity=".094"/><stop offset=".53" stop-color="#ff3750" stop-opacity="0"/>
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8266
                                                                                                  Entropy (8bit):4.533358344608409
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:+p3Kd7FJaws2ecMeVD7XA5Iw5juPHMG0XdoX3xJaygcESJ9M7bi3hqR3K7MAfUe2:9wr5ISjuPsG0XdIJESJa3i3kQlzM
                                                                                                  MD5:9F71A8985F4B4E8D302DD40519EE7589
                                                                                                  SHA1:E5D0B8A80C9CD76AEFF1C83BF5771E35B2A79359
                                                                                                  SHA-256:94D1DBF3CC0B71848F443C39F208938F07A30B247CCEB6383B36174503A2B9B0
                                                                                                  SHA-512:898CFB6DE0296FA43A46C21B2A3A8DA232AFD2AC8E6A093DDE5CB93B661AE461FEA8D11B3CFF44E14253A4492440E124695619830329B7DFF425E258131E6B89
                                                                                                  Malicious:false
                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 66.166 65.804"><defs><linearGradient id="b"><stop offset="0" stop-color="#06c2e7"/><stop offset=".25" stop-color="#0db8ec"/><stop offset=".5" stop-color="#12aef1"/><stop offset=".75" stop-color="#1f86f9"/><stop offset="1" stop-color="#107ddd"/></linearGradient><linearGradient id="a"><stop offset="0" stop-color="#bdbdbd"/><stop offset="1" stop-color="#fff"/></linearGradient><linearGradient xlink:href="#a" id="d" x1="412.975" x2="412.975" y1="237.608" y2="59.392" gradientTransform="translate(206.79 159.773) scale(.35154)" gradientUnits="userSpaceOnUse"/><filter id="f" width="1.042" height="1.045" x="-.021" y="-.022" color-interpolation-filters="sRGB"><feGaussianBlur stdDeviation=".958"/></filter><filter id="c" width="1.096" height="1.096" x="-.048" y="-.048" color-interpolation-filters="sRGB"><feGaussianBlur stdDeviation="3.564"/></filter><radialGradient xlink:href="#b" id="e" cx="413.061" cy=
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Web Open Font Format, TrueType, length 129064, version 0.0
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):129064
                                                                                                  Entropy (8bit):7.992941724499101
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:3072:MXcnyb78/FG1HrzX5tQ82WjAP5kp/pD8Hy5fT06IF:5nTYprtGWa0Zl5fTEF
                                                                                                  MD5:BA4E7809D474B7B6936D09346695C3AE
                                                                                                  SHA1:471BE8330F09918694E08C3D5D166BBEFEA1CB4D
                                                                                                  SHA-256:59EE0BA6B17F21D57466E73D0B50929E3820F00106779C94FCFFED3A205852BA
                                                                                                  SHA-512:E6098888F14C21A9998AE2CD009817178EED0C1431A2E45142F1D7A825075025F338E9595CFF8B194D4B8E7C12D6C4459C442F70B33B675B300F00E00731633C
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/Ubuntu-Regular-59ee0ba6.woff
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4539
                                                                                                  Entropy (8bit):5.313264749154534
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:+wAbQFyFKYqrR5uIb/1GYixIXmKHPVV4s:bquqIbd0xIdPVVv
                                                                                                  MD5:BDBC230A93180B8EE87298A4FD75A5B4
                                                                                                  SHA1:06A47B3841D70CC9A68312071CA3E47A6805612F
                                                                                                  SHA-256:49BF77EBF920F693D43190060CBFE337545CF4158B090ECDE4C82A04DE319065
                                                                                                  SHA-512:C5EC374A4699906CCC082897C9872F20A7846DDEA6BA93DF3A7CA3FCE3D5FBFBA7930E2E023A414991870C8487F96C12B5D6B1078E8D032404BFF259922C7453
                                                                                                  Malicious:false
                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="1 1 176 176"><style>.B{clip-path:url(#C)}.C{fill:#3e2723}.D{fill-opacity:.15}.E{fill-opacity:.2}</style><defs><circle id="A" cx="96" cy="96" r="88"/><path id="B" d="M8 184h83.77l38.88-38.88V116h-69.3L8 24.48z"/></defs><clipPath id="C"><use xlink:href="#A"/></clipPath><g class="B" transform="translate(-7 -7)"><path d="M21.97 8v108h39.4L96 56h88V8z" fill="#db4437"/><linearGradient id="D" x1="29.34" x2="81.84" y1="75.02" y2="44.35" gradientUnits="userSpaceOnUse"><stop stop-color="#a52714" stop-opacity=".6" offset="0"/><stop stop-color="#a52714" stop-opacity="0" offset=".66"/></linearGradient><path d="M21.97 8v108h39.4L96 56h88V8z" fill="url(#D)"/><path d="M62.3 115.6L22.48 47.3l-.58 1 39.54 67.8z" class="C D"/><use xlink:href="#B" fill="#0f9d58"/><linearGradient id="E" x1="110.9" x2="52.54" y1="164.5" y2="130.3" gradientUnits="userSpaceOnUse"><stop stop-color="#055524" stop-opacity=".4" offset="0"/
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (534)
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):206975
                                                                                                  Entropy (8bit):5.512057942138096
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:3kza4te7HcpvKMIt5RZqho84mmzNEdg9KYrKNAJDBx:tX74vVIt3Zqho84mmxEMZrK2H
                                                                                                  MD5:74E53F594C5054A5860350D72CF3701C
                                                                                                  SHA1:97870B053A34E2C6B45D07C99B8CE5F697C5C4D5
                                                                                                  SHA-256:BAAC61D24BDD301E75A4E2949F53933A99B96C35D390CC842560A3B398A70DAF
                                                                                                  SHA-512:60CCA0B60B4DC9AC4AB2660256DBA55B55C862B5F09508E111C4F7F5289B252C091FBBDE2807D1388A20138D5985883F84789BD6C4D352E7C0277D60142B7506
                                                                                                  Malicious:false
                                                                                                  URL:https://mc.yandex.ru/metrika/tag.js
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):707
                                                                                                  Entropy (8bit):7.4201500949823735
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7m/6TziQEG1npPuoJYKJQ0Ghr0bPwFl95XCHKCHMnsaldS05vCIO59aYdp1Z0:b/6XsanZJeeehrJ/bXCHvMZlc05vCd5q
                                                                                                  MD5:E4896565595FC22E344FD619C0ED15BB
                                                                                                  SHA1:43D4481A4CC3E60B406B2467B5F7E576FCBAE260
                                                                                                  SHA-256:C3A4CB8F32EF0CD89E6429D40D1FAEBD359E02E34D69764052C8402A391E9A00
                                                                                                  SHA-512:0AB96B0D29EEB56D1BBEF4017DD039701FA85775F50F6B9DCD50FC0D8853228F1AD1FD9A4593D5CF9CE521CF84C31145C10A99588C2D243E114400723E02549C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 65972, version 1.0
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):65972
                                                                                                  Entropy (8bit):7.996443744599385
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:768:f1Xyo8kWfMqTSmVGijfjPcFWsyLe2HZaGTPhl7MDjFvtdEaCYK6lzdwUBgLXx0XT:flnzzYGij70jmaGdl7A51lsCaLXx0XYw
                                                                                                  MD5:F3A02E2578BEE50E620E515912278BC9
                                                                                                  SHA1:168E9A9E4690EC3437A6A3087DD2F76FADC47888
                                                                                                  SHA-256:4D7DD6E02D849E181E51DB84D9D230D369B8CE7412DBCEE9D7D1D19AD8A16741
                                                                                                  SHA-512:005BAFA483125A3EF78548818143102FF56D0BE9E17BD9A386FEC7FF3D6719F3B3EA6E2ED058616A7973E0D7B82B7B993112C4757E9870208151CBE2C429E038
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/Roboto-Bold-4d7dd6e0.woff2
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):43
                                                                                                  Entropy (8bit):2.7374910194847146
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:CU9yltxlHh/:m/
                                                                                                  MD5:DF3E567D6F16D040326C7A0EA29A4F41
                                                                                                  SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
                                                                                                  SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
                                                                                                  SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
                                                                                                  Malicious:false
                                                                                                  URL:https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10461.KVfPr-v2T7kuehDf5AiyDi7hOhB3UjraWIOHRWLw05mIE8RmpCo3chNKQ1eL0JfwOriOvS7Vx_Ru5AGyHDE-K3Zf7t2Rz05iZG5WROuSDCgWIeHKIUQhE21EyGk5_oewodz9YpY8p6j2YF5rxbecCzP7nYUhkmGhFpSoZXEtFJcLQbAcQFAkTqEgwnAWjwCGiI5YOoBd2Tq-IlDNYh9G4ElC-PogJU_3_vWt2PlNyPM%2C._u85qHgFr8lVYDh3-VFMzkWiH5w%2C
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):707
                                                                                                  Entropy (8bit):7.4201500949823735
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7m/6TziQEG1npPuoJYKJQ0Ghr0bPwFl95XCHKCHMnsaldS05vCIO59aYdp1Z0:b/6XsanZJeeehrJ/bXCHvMZlc05vCd5q
                                                                                                  MD5:E4896565595FC22E344FD619C0ED15BB
                                                                                                  SHA1:43D4481A4CC3E60B406B2467B5F7E576FCBAE260
                                                                                                  SHA-256:C3A4CB8F32EF0CD89E6429D40D1FAEBD359E02E34D69764052C8402A391E9A00
                                                                                                  SHA-512:0AB96B0D29EEB56D1BBEF4017DD039701FA85775F50F6B9DCD50FC0D8853228F1AD1FD9A4593D5CF9CE521CF84C31145C10A99588C2D243E114400723E02549C
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/locales/en.png
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (534)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):206975
                                                                                                  Entropy (8bit):5.512057942138096
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:3kza4te7HcpvKMIt5RZqho84mmzNEdg9KYrKNAJDBx:tX74vVIt3Zqho84mmxEMZrK2H
                                                                                                  MD5:74E53F594C5054A5860350D72CF3701C
                                                                                                  SHA1:97870B053A34E2C6B45D07C99B8CE5F697C5C4D5
                                                                                                  SHA-256:BAAC61D24BDD301E75A4E2949F53933A99B96C35D390CC842560A3B398A70DAF
                                                                                                  SHA-512:60CCA0B60B4DC9AC4AB2660256DBA55B55C862B5F09508E111C4F7F5289B252C091FBBDE2807D1388A20138D5985883F84789BD6C4D352E7C0277D60142B7506
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (42328)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):174834
                                                                                                  Entropy (8bit):5.366364950238219
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:Ta1GKTYy+zbe8P/gBjCxa0kDWygi0DUWGJC4gHL:TacK0T76OxkDWyRWG4hHL
                                                                                                  MD5:16BB40D84328918C943D68529E0F575A
                                                                                                  SHA1:7417C0EA8E9F36EAEA17C8C20060284BBC93EB18
                                                                                                  SHA-256:95AF6F179EF86894B5A5349D0CE2AAB0FF0A528391252F911EC564F55A316C70
                                                                                                  SHA-512:87DD2F67FAF77CAFB3227AB8BF5A51BEBEC79D420F2FAA9D9AD37CD2C1F2B4AA9877AAAEBD33954458988DB29ED98BFBB56D62C6A3B309CB3CC78452CEC4B432
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (42328)
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):174834
                                                                                                  Entropy (8bit):5.366364950238219
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:Ta1GKTYy+zbe8P/gBjCxa0kDWygi0DUWGJC4gHL:TacK0T76OxkDWyRWG4hHL
                                                                                                  MD5:16BB40D84328918C943D68529E0F575A
                                                                                                  SHA1:7417C0EA8E9F36EAEA17C8C20060284BBC93EB18
                                                                                                  SHA-256:95AF6F179EF86894B5A5349D0CE2AAB0FF0A528391252F911EC564F55A316C70
                                                                                                  SHA-512:87DD2F67FAF77CAFB3227AB8BF5A51BEBEC79D420F2FAA9D9AD37CD2C1F2B4AA9877AAAEBD33954458988DB29ED98BFBB56D62C6A3B309CB3CC78452CEC4B432
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/app-b1ead566.js
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):493
                                                                                                  Entropy (8bit):7.220417912656917
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7m/6TPkZAQ7YhcZNKCdQGvvLP1h5vBeEo6UNN:b/6Ls7YkviGvD/FBeEo6a
                                                                                                  MD5:E60A13AADBB4635DF6189C6B283C62AE
                                                                                                  SHA1:701C17ADF80289BD820AD8ABAA89EC76BB4BA0A0
                                                                                                  SHA-256:EFBF0CF75D4B00BD5A0891A4DE84EE10BD4DC6BDC7E2D33841D37FDF51263F8C
                                                                                                  SHA-512:CBABEE71CDE892AE1CBD6FDD0C005E0AA2471D4608DFCAD02186EB1F375A955B4FCBE22E0F8256E09FD51FABED956F84A284ABE963F8BD99EAB03BF2DCC6650D
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/locales/es.png
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):350
                                                                                                  Entropy (8bit):6.76690738925168
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:6v/lhPe/6T3AYfvlBuD99bhq50Po71RxywLkVPxJcXSCdSUhwmjX38Vvll7jp:6v/7m/6TlcW50QwpbJcRdhHXMVv/B
                                                                                                  MD5:53BEE57C6F03A66347CF7E5614A00C6A
                                                                                                  SHA1:B20FBF04F244925BD0041E1E445F05C43800C7C1
                                                                                                  SHA-256:BC6C51350976A6CBE7CC8D0D08BD8B4C264070DAD00CB61C0D28355CA28FAE9B
                                                                                                  SHA-512:77023607E4E19E920BF877C7CAB03002D149A8BB1092C525437AE3B70DD8D4774CA9D8A4401A7779AB8307DDC6F9BE2E65720B2A764CDEEA1BE4DB25BE6330DE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Web Open Font Format, TrueType, length 111016, version 0.0
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):111016
                                                                                                  Entropy (8bit):7.993823383635291
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:3072:R0zYmvxzVK8TApxI52SzaCakH/c8HmQpsKKC:Radvx5NQSzXxcpQpBz
                                                                                                  MD5:278321EDC4A28FC3F2441B1472E9347A
                                                                                                  SHA1:E731F85F4F6FF3EF9CA6E5926B6CC60CA228AF45
                                                                                                  SHA-256:A0BD40FE555A0F74B252615C5A5FD35522AA234008D16E7265961F2CEC586C3B
                                                                                                  SHA-512:F8794AED2B1661F5D3BA93D4E393D8841A0E8FA2A4D0DF91AFC1F782D3C99FE6D7AE8FF64D5007DED5AFF1280AF8F9CEFF7E4A466139808F1AB0A4AFA7AA080B
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/Ubuntu-Bold-a0bd40fe.woff
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Web Open Font Format, TrueType, length 154464, version 0.0
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):154464
                                                                                                  Entropy (8bit):7.995944401513974
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:3072:K309EuouCqj4JQPSlVj95bYQjQIT9uTCea4o5t35PdveDMznmf9f6YL:Kki3qXKll3sZ88Oe7o57lGDMC3L
                                                                                                  MD5:443722C3048E834EE3AAB2AD86BB6901
                                                                                                  SHA1:0838C7ACE6097EB6A2F8425B6F01587AA16E443E
                                                                                                  SHA-256:36C6BA86248CE14FE5EB358EB50522A2639CA76EDA0459188B8DBB1DE0D1D420
                                                                                                  SHA-512:DEF8236A8F7ECEEEDB0B2E7049137040B513FB42C7D16D64B710D05D890A06D8C9624971075E98E5E4D298332F64C12137E6BCA1E800D112D6B7188E8AF746CF
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/build/assets/Ubuntu-Light-36c6ba86.woff
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):591
                                                                                                  Entropy (8bit):7.294484866286106
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:6v/7m/6TBd52rUSH1CqWmGBRPQ6JDqsJev0fyNNFU29lSg9db1Nzyz:b/61irUgCqWmYPQ6JDqMev0CFU6EydxO
                                                                                                  MD5:7E0C7E1FAE4EEE4DB89B240F1782A87B
                                                                                                  SHA1:4BE7D407D53EED7D17BB27A28CAC78CFCDDAEDD7
                                                                                                  SHA-256:095A1CD83EADD88D14C4C2EA3FA2E3DEB83BD1BAD748016A408F96242E4AC527
                                                                                                  SHA-512:F23B1D151F4A7D512A16E8D731174AD73316DD6C296E837D8B3CCEDBE40D1624533872495663C5183579315903CB80F75016C77BF3BAB63517E94D8C70A06AFB
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):4539
                                                                                                  Entropy (8bit):5.313264749154534
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:+wAbQFyFKYqrR5uIb/1GYixIXmKHPVV4s:bquqIbd0xIdPVVv
                                                                                                  MD5:BDBC230A93180B8EE87298A4FD75A5B4
                                                                                                  SHA1:06A47B3841D70CC9A68312071CA3E47A6805612F
                                                                                                  SHA-256:49BF77EBF920F693D43190060CBFE337545CF4158B090ECDE4C82A04DE319065
                                                                                                  SHA-512:C5EC374A4699906CCC082897C9872F20A7846DDEA6BA93DF3A7CA3FCE3D5FBFBA7930E2E023A414991870C8487F96C12B5D6B1078E8D032404BFF259922C7453
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/site/icons/browsers/chrome.svg
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):43
                                                                                                  Entropy (8bit):2.7374910194847146
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:CU9yltxlHh/:m/
                                                                                                  MD5:DF3E567D6F16D040326C7A0EA29A4F41
                                                                                                  SHA1:EA7DF583983133B62712B5E73BFFBCD45CC53736
                                                                                                  SHA-256:548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
                                                                                                  SHA-512:B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
                                                                                                  Malicious:false
                                                                                                  URL:https://mc.yandex.com/sync_cookie_image_decide?token=10461.KpjRs16-igE7r79LzmQFgBRTu9RQLY7D-Osbb1rcKPR8PsapNiIg20gCZbLVmwq7DNkc8K4fhAqRWCcARMPuh1rLvlkbDusMiGoCYydkWUY3FNCeviLe_gGmeN3CWco1gZIAUjj6l50KWSgga5cOM0yP9pjz-6HjJC9YXp2q2VX3HEV_U-vgONOF3PIW1L-quq_-CEL4ioXK-kManCe8hbiwnj6oUg8q1dnvDGMbhOY%2C.DddOK-AtFEQZZolp_CtX_lqXOts%2C
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5672
                                                                                                  Entropy (8bit):4.753085906702781
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:rzJaNHJtaTSJOR2M4SbkXf047E9D7r61NE:R4amJg4e3cZU
                                                                                                  MD5:2560705DEF64A83880F3BB5E0C1231AA
                                                                                                  SHA1:751D82AEF322FBAC8D4B0A9C959783A7594F6A84
                                                                                                  SHA-256:5F8A65914DAD6AD7F864F9E5800523CB2F96B8EFB587C029D4DADDF0A9BCD8EB
                                                                                                  SHA-512:3D7947DB12EDC2AF09FB4B9B7ADDD00499DD2CEFD1B7C0CFFEF11D8C772B45ACDFD0EF675D5562C33713557F1EEAECC55B8C907925193B3118064C686D6CE3D6
                                                                                                  Malicious:false
                                                                                                  Preview:<svg width="347" height="194" fill="none" xmlns="http://www.w3.org/2000/svg"><g clip-path="url(#clip0_3022_582)"><path fill="#000" d="M0 .5h347v193H0z"/><path fill="#C8C8C8" d="M-698.318-50.777h1282.62v186.98h-1282.62z"/><path fill="#A5A5A5" d="M-698.318 136.203h1282.62v675.39h-1282.62z"/><path fill="#A5A5A5" d="M-698.318-50.777h1282.62v862.37h-1282.62z"/><g opacity=".5"><path fill="#001580" d="M-698.318.5h1282.62v193h-1282.62z"/><path fill="url(#paint0_linear_3022_582)" d="M-698.318.5h1282.62v193h-1282.62z"/></g><rect x="-713.986" y="36.069" width="1023.91" height="854.805" rx="10" fill="#DEE1E6"/><path fill="#fff" d="M-660.272 134.939H309.92v755.935h-970.192zm643.589-78.551c0-5.523 4.477-10 10-10h211.075c5.523 0 10 4.477 10 10v32.94H-16.683v-32.94z"/><path fill="#fff" d="M213.986 67.858h28.742v21.47h-28.742z"/><rect x="214.391" y="46.202" width="53.609" height="42.941" rx="10" fill="#DEE1E6"/><path fill-rule="evenodd" clip-rule="evenodd" d="M242.848 60.066c-.701 0-1.268.568-1.268 1.2
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:dropped
                                                                                                  Size (bytes):6664
                                                                                                  Entropy (8bit):4.480339382553776
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:4vTJQxyS7UBW7VXxlLVIIQ4FUf36ix4if0c:4vTJQVBxDg/gc0c
                                                                                                  MD5:41941E0CF9D326FB80D23912D6A0398E
                                                                                                  SHA1:1E5C082FA1DC87D0BD1E0ED1F8C05DB4B1FC557F
                                                                                                  SHA-256:E95FC32B39FC05DEF9509871FE71DFD14B687D693848C635F31C798F2D6A34D6
                                                                                                  SHA-512:5B51284DFA384DB502E2CD552E4493B17AF9C3327FEE093D0C2BD45CA03065588A1A1F70644B49642D7543C0B48C1B57E0F153D4291AF1250B145FD61501B24D
                                                                                                  Malicious:false
                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 484 427">. <g opacity=".5" style="mix-blend-mode:multiply">. <circle cx="237.862" cy="188.862" r="236.362" fill="#2640AD" stroke="#1A2E9F" stroke-width="3"/>. <circle cx="237.862" cy="188.862" r="165.003" fill="#2640AD" stroke="#1A2E9F" stroke-width="3"/>. <mask id="a" width="472" height="472" x="2" y="-47" maskUnits="userSpaceOnUse" style="mask-type:alpha">. <path fill="#000" fill-rule="evenodd" d="M238 424.344c130.053 0 235.483-105.429 235.483-235.483 0-130.053-105.43-235.483-235.483-235.483-130.054 0-235.483 105.43-235.483 235.483 0 130.054 105.429 235.483 235.483 235.483Zm.002-70.645c91.038 0 164.838-73.8 164.838-164.838 0-91.037-73.8-164.838-164.838-164.838S73.164 97.823 73.164 188.861s73.8 164.838 164.838 164.838Z" clip-rule="evenodd"/>. </mask>. <g fill="#1A2E9F" mask="url(#a)">. <path d="M.139-49h237.723v238.56H.139zM238.14 189.574h237.723v238.56H238.14z"/>. </g>. <circle cx="237.86
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):4093
                                                                                                  Entropy (8bit):4.979920058615477
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:O84kp6cgmC1NvACu8EHi3u8EH99pR3dQapR3dOdwsw8:sk/Ci8uie8u99pRNQapRNOdwsw8
                                                                                                  MD5:500A4C15993CEAD09BA4B8D840F18A26
                                                                                                  SHA1:32CD0834ACB05B829ED4CD1DC210E163CBC3D0EE
                                                                                                  SHA-256:03CB60F63C1A5F6816870A3DAEB9F87245B1526364295ECB939A2B25B83C2E83
                                                                                                  SHA-512:3FC747FBC0CB954CA28E3336C2DD56784984948A27275D831DABF5B8CC7E042FC21FF08DE796C04EE827D17CB6C3D6B900BE87C210B3E10B57F9EBDFCE06F9DF
                                                                                                  Malicious:false
                                                                                                  URL:https://multipassword.com/images/site/icons/browsers/edge.svg
                                                                                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 256 256"><defs><radialGradient id="b" cx="161.83" cy="68.91" r="95.38" gradientTransform="matrix(1 0 0 -.95 0 248.84)" gradientUnits="userSpaceOnUse"><stop offset=".72" stop-opacity="0"/><stop offset=".95" stop-opacity=".53"/><stop offset="1"/></radialGradient><radialGradient id="d" cx="-340.29" cy="62.99" r="143.24" gradientTransform="matrix(.15 -.99 -.8 -.12 176.64 -125.4)" gradientUnits="userSpaceOnUse"><stop offset=".76" stop-opacity="0"/><stop offset=".95" stop-opacity=".5"/><stop offset="1"/></radialGradient><radialGradient id="e" cx="113.37" cy="570.21" r="202.43" gradientTransform="matrix(-.04 1 2.13 .08 -1179.54 -106.69)" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#35c1f1"/><stop offset=".11" stop-color="#34c1ed"/><stop offset=".23" stop-color="#2fc2df"/><stop offset=".31" stop-color="#2bc3d2"/><stop offset=".67" stop-color="#36c752"/></radialGradient><radialGradient id="f" cx="376.52" cy="567.97" r="97.34"
                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 77400, version 331.17301
                                                                                                  Category:downloaded
                                                                                                  Size (bytes):77400
                                                                                                  Entropy (8bit):7.9968620605366425
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:1536:LLPonYtLc/wS9cVIxYBZVkcvn0WjfmuK3HQeGzLBMNc:LLP29KIwG8npVeGzD
                                                                                                  MD5:CAC68C831145804808381A7032FDC7C2
                                                                                                  SHA1:62584B9868428FD75AF3FC5EE2F9918DDA428BE5
                                                                                                  SHA-256:1C87D2B26DE7D55C66037916BBB4CBA6C791DA0E2ADFA378332678FF13E12D9D
                                                                                                  SHA-512:8671036B2E8F56946CCB8ACACB7C646439D0FEDDE7387A748B3C20DD0E233C3594F3D1431A0987CF6BFB4BC7D2CE904D08DCA23DDF09B29C73727DAAD3D7801B
                                                                                                  Malicious:false
                                                                                                  URL:https://use.fontawesome.com/releases/v5.14.0/webfonts/fa-brands-400.woff2
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32
                                                                                                  Entropy (8bit):3.4772170014624826
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:alXtRBXFIvCOt:aldTXFcz
                                                                                                  MD5:B8F4AE17649F67195291A85DE16B561D
                                                                                                  SHA1:1800356941EAFADF247EA9932A02FFEC6C4E4B4C
                                                                                                  SHA-256:0FD98AA12C34794DABD32375F4B14B207D4840359AB571D278D2ED490BDDE75A
                                                                                                  SHA-512:F640756A1233CC9596AA273C2A4A0296D7F87788486956F8319C4521F27957201DCBA805A7D994B3EAA12249645D5A4B28134C91FE3A4062891612115A941DAC
                                                                                                  Malicious:false
                                                                                                  Preview:........:Installer message:.....
                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Entropy (8bit):6.789397310391007
                                                                                                  TrID:
                                                                                                  • Win32 Executable (generic) a (10002005/4) 98.81%
                                                                                                  • Windows ActiveX control (116523/4) 1.15%
                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                  File name:SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  File size:7'758'000 bytes
                                                                                                  MD5:ac5ffc6e945471ce5e631f5fa8853d5a
                                                                                                  SHA1:78f51682ec3d075aa90f49fe934ec77680d1e37a
                                                                                                  SHA256:5a5a8ea05ccbc2cf33b2ffa7b09a725cabfa86bac080458f4f80a572bae83aec
                                                                                                  SHA512:7e3ca0bdcbb45714765931df34f94fc66df83292c6b77f1681203130f393abcd31ff77c36df887bd78d1317daac7b80308f46916608bd076d37da9066dbae45e
                                                                                                  SSDEEP:196608:G8W5qsNKXzWYMk1xL4uNTxbY09a7bK5jK2e:G8WgsLYMk1d4kFY7mE
                                                                                                  TLSH:36767C107685C522D2B141B0DD69EBAB43797D2D6FF284EBB1841BED24312D33932B6E
                                                                                                  File Content Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........\B..=,..=,..=,..V/..=,..V).$=,..R...=,..H(..=,..H/..=,..H)..=,..a...=,..V(..=,..V*..=,..=,..=,.0H)..<,..V-..=,..=-.2?,.0H(..<,
                                                                                                  Icon Hash:0f33d470d054130e
                                                                                                  Entrypoint:0x803442
                                                                                                  Entrypoint Section:.text
                                                                                                  Digitally signed:true
                                                                                                  Imagebase:0x400000
                                                                                                  Subsystem:windows gui
                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                  Time Stamp:0x66B22CFF [Tue Aug 6 14:02:39 2024 UTC]
                                                                                                  TLS Callbacks:
                                                                                                  CLR (.Net) Version:
                                                                                                  OS Version Major:6
                                                                                                  OS Version Minor:0
                                                                                                  File Version Major:6
                                                                                                  File Version Minor:0
                                                                                                  Subsystem Version Major:6
                                                                                                  Subsystem Version Minor:0
                                                                                                  Import Hash:b54086d871acfbc137fab65ba145f30d
                                                                                                  Signature Valid:true
                                                                                                  Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                  Error Number:0
                                                                                                  Not Before, Not After
                                                                                                  • 18/10/2023 14:27:26 18/10/2024 14:27:26
                                                                                                  Subject Chain
                                                                                                  • E=support@rostpay.ru, CN=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, O=ОБЩЕСТВО С ОГРАНИЧЕННОЙ ОТВЕТСТВЕННОСТЬЮ РОСТПЭЙ, STREET="ПЕР. ДОЛОМАНОВСКИЙ, Д.70 К.Д, КВ.1(10 ЭТАЖ)", L=Ростов-на-Дону, S=Ростовская область, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Rostov Oblast, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1086168004669, OID.2.5.4.15=Private Organization
                                                                                                  Version:3
                                                                                                  Thumbprint MD5:5DF9B3CAFBB5C968D29FEBDE05012587
                                                                                                  Thumbprint SHA-1:5D3831FCE274BD4312AFCB10BEDF5D55671DB13F
                                                                                                  Thumbprint SHA-256:4AEC7C4E777911957901C717B4F2CA2FF01F4C5C301292E69001F38D208E389B
                                                                                                  Serial:7F16E036277B43F3E58C3CA8
                                                                                                  Instruction
                                                                                                  call 00007F059CDCAECEh
                                                                                                  jmp 00007F059CDC9CEFh
                                                                                                  jmp 00007F059CA65A94h
                                                                                                  push ebp
                                                                                                  mov ebp, esp
                                                                                                  pop ebp
                                                                                                  jmp 00007F059CDC96A0h
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  int3
                                                                                                  push edi
                                                                                                  push esi
                                                                                                  push ebx
                                                                                                  xor edi, edi
                                                                                                  mov eax, dword ptr [esp+14h]
                                                                                                  or eax, eax
                                                                                                  jnl 00007F059CDC9E86h
                                                                                                  inc edi
                                                                                                  mov edx, dword ptr [esp+10h]
                                                                                                  neg eax
                                                                                                  neg edx
                                                                                                  sbb eax, 00000000h
                                                                                                  mov dword ptr [esp+14h], eax
                                                                                                  mov dword ptr [esp+10h], edx
                                                                                                  mov eax, dword ptr [esp+1Ch]
                                                                                                  or eax, eax
                                                                                                  jnl 00007F059CDC9E86h
                                                                                                  inc edi
                                                                                                  mov edx, dword ptr [esp+18h]
                                                                                                  neg eax
                                                                                                  neg edx
                                                                                                  sbb eax, 00000000h
                                                                                                  mov dword ptr [esp+1Ch], eax
                                                                                                  mov dword ptr [esp+18h], edx
                                                                                                  or eax, eax
                                                                                                  jne 00007F059CDC9E8Ah
                                                                                                  mov ecx, dword ptr [esp+18h]
                                                                                                  mov eax, dword ptr [esp+14h]
                                                                                                  xor edx, edx
                                                                                                  div ecx
                                                                                                  mov ebx, eax
                                                                                                  mov eax, dword ptr [esp+10h]
                                                                                                  div ecx
                                                                                                  mov edx, ebx
                                                                                                  jmp 00007F059CDC9EB3h
                                                                                                  mov ebx, eax
                                                                                                  mov ecx, dword ptr [esp+18h]
                                                                                                  mov edx, dword ptr [esp+14h]
                                                                                                  mov eax, dword ptr [esp+10h]
                                                                                                  shr ebx, 1
                                                                                                  rcr ecx, 1
                                                                                                  shr edx, 1
                                                                                                  rcr eax, 1
                                                                                                  or ebx, ebx
                                                                                                  jne 00007F059CDC9E66h
                                                                                                  div ecx
                                                                                                  mov esi, eax
                                                                                                  mul dword ptr [esp+1Ch]
                                                                                                  mov ecx, eax
                                                                                                  mov eax, dword ptr [esp+18h]
                                                                                                  mul esi
                                                                                                  add edx, ecx
                                                                                                  jc 00007F059CDC9E80h
                                                                                                  cmp edx, dword ptr [esp+14h]
                                                                                                  jnbe 00007F059CDC9E7Ah
                                                                                                  jc 00007F059CDC9E79h
                                                                                                  cmp eax, dword ptr [esp+10h]
                                                                                                  jbe 00007F059CDC9E73h
                                                                                                  dec esi
                                                                                                  xor edx, edx
                                                                                                  mov eax, esi
                                                                                                  dec edi
                                                                                                  jne 00007F059CDC9E79h
                                                                                                  neg edx
                                                                                                  neg eax
                                                                                                  sbb edx, 00000000h
                                                                                                  pop ebx
                                                                                                  pop esi
                                                                                                  pop edi
                                                                                                  retn 0010h
                                                                                                  Name | Virtual Address | Virtual Size | Is in Section
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6594f4 | 0x17c | .rdata
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xaab000 | 0x96438 | .rsrc
                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x763600 | 0x2ab0 | .data
                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb42000 | 0x580f8 | .reloc
                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x5f5510 | 0x1c | .rdata
                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS | 0x5f5600 | 0x18 | .rdata
                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5f5530 | 0x40 | .rdata
                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT | 0x48d000 | 0x9c8 | .rdata
                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x48b35c | 0x48b400 | 04156e6772278d3e5901876325aefced | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x48d000 | 0x1cfb74 | 0x1cfc00 | 7f823e52eec350526a7727da50d59602 | False | 0.2336516593665768 | data | 5.744142194494479 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x65d000 | 0x44d348 | 0x19a00 | e3c37eb00a74283a748f75070e589fdb | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xaab000 | 0x96438 | 0x96600 | c40e8dcc1ece05d0ab97939158296d7e | False | 0.8235125077930174 | data | 7.7746653259075345 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xb42000 | 0x580f8 | 0x58200 | f57d83129dd3f3f2d51680807dc5605a | False | 0.4577543218085106 | data | 6.591185200866143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| DISTR | 0xb1f440 | 0x9457 | Zip archive data, at least v6.3 to extract, compression method=lzma | English | United States | 1.0005529953917052 |
| DISTR | 0xb31088 | 0x26eb | Zip archive data, at least v6.3 to extract, compression method=lzma | English | United States | 1.0011040851149253 |
| DISTR | 0xb33778 | 0xd9e6 | Zip archive data, at least v2.0 to extract, compression method=deflate | English | United States | 1.0004661001756838 |
| DISTR | 0xadb598 | 0x43ea1 | Zip archive data, at least v6.3 to extract, compression method=lzma | English | United States | 1.0003091556814545 |
| DISTR | 0xb28898 | 0x87eb | Zip archive data, at least v6.3 to extract, compression method=lzma | English | United States | 1.0006035349906597 |
| MOFILE | 0xabf768 | 0x18b2 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_be.po (DriverHub) #-#-#-#-# '\320\237\321\200\321\213\320\275\321\217\321\206\321\214' | English | United States | 0.44305599493831066 |
| MOFILE | 0xac1020 | 0x1317 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_cs.po (DriverHub) #-#-#-#-# 'P\305\231ijmout' | English | United States | 0.49478207489257214 |
| MOFILE | 0xac2338 | 0x1295 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_da.po (DriverHub) #-#-#-#-# 'Accepter' | English | United States | 0.47256674374605845 |
| MOFILE | 0xac35d0 | 0x1392 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_de.po (DriverHub) #-#-#-#-# 'Annehmen' | English | United States | 0.4754491017964072 |
| MOFILE | 0xabf5d8 | 0x18d | GNU message catalog (little endian), revision 0.0, 1 message, #-#-#-#-# DriverHub_en.po (DriverHub) #-#-#-#-# | English | United States | 0.48614609571788414 |
| MOFILE | 0xac4968 | 0x1353 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_es.po (DriverHub) #-#-#-#-# 'Aceptar' | English | United States | 0.46654538103901355 |
| MOFILE | 0xac5cc0 | 0x126c | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_fi.po (DriverHub) #-#-#-#-# 'Hyv\303\244ksy' | English | United States | 0.48876166242578456 |
| MOFILE | 0xac6f30 | 0x1362 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_fr.po (DriverHub) #-#-#-#-# 'Accepter' | English | United States | 0.4703748488512696 |
| MOFILE | 0xac8298 | 0x137c | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_hu.po (DriverHub) #-#-#-#-# 'Elfogad\303\241s' | English | United States | 0.49358460304731355 |
| MOFILE | 0xac9618 | 0x134c | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_it.po (DriverHub) #-#-#-#-# 'Accetta' | English | United States | 0.4645748987854251 |
| MOFILE | 0xaca968 | 0x15e7 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_ja.po (DriverHub) #-#-#-#-# '\346\211\277\350\252\215' | English | United States | 0.4701266274299982 |
| MOFILE | 0xacd2c8 | 0x1861 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_kk.po (DriverHub) #-#-#-#-# '\322\232\320\260\320\261\321\213\320\273\320\264\320\260\321\203' | English | United States | 0.42941836244191633 |
| MOFILE | 0xacbf50 | 0x1375 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_ko.po (DriverHub) #-#-#-#-# '\353\217\231\354\235\230' | English | United States | 0.49809275245934553 |
| MOFILE | 0xaceb30 | 0x12a1 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_nb.po (DriverHub) #-#-#-#-# 'Akspetere' | English | United States | 0.4835395261061019 |
| MOFILE | 0xacfdd8 | 0x130e | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_nl.po (DriverHub) #-#-#-#-# 'Accepteren' | English | United States | 0.4665846658466585 |
| MOFILE | 0xad10e8 | 0x13af | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_pl.po (DriverHub) #-#-#-#-# 'Akceptuj' | English | United States | 0.4943441158960111 |
| MOFILE | 0xad2498 | 0x131d | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_pt.po (DriverHub) #-#-#-#-# 'Aceitar' | English | United States | 0.47087676272225626 |
| MOFILE | 0xad37b8 | 0x1763 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_ru.po (DriverHub) #-#-#-#-# '\320\237\321\200\320\270\320\275\321\217\321\202\321\214' | English | United States | 0.4346083180223818 |
| MOFILE | 0xad4f20 | 0x13c3 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_sk.po (DriverHub) #-#-#-#-# 'Prija\305\245' | English | United States | 0.49100612769322 |
| MOFILE | 0xad62e8 | 0x12d2 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_sv.po (DriverHub) #-#-#-#-# 'Acceptera' | English | United States | 0.46824408468244083 |
| MOFILE | 0xad75c0 | 0x12f7 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_tr.po (DriverHub) #-#-#-#-# 'Kabul Et' | English | United States | 0.4920700308959835 |
| MOFILE | 0xad88b8 | 0x1891 | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_uk.po (DriverHub) #-#-#-#-# '\320\237\321\200\320\270\320\271\320\275\321\217\321\202\320\270' | English | United States | 0.43536333280330736 |
| MOFILE | 0xada150 | 0x113c | GNU message catalog (little endian), revision 0.0, 43 messages, #-#-#-#-# DriverHub_zh.po (DriverHub) #-#-#-#-# '\346\216\245\345\217\227' | English | United States | 0.5475974614687217 |
| RT_ICON | 0xaabcb0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.8085106382978723 |
| RT_ICON | 0xaac118 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States | 0.6893442622950819 |
| RT_ICON | 0xaacaa0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.5968574108818011 |
| RT_ICON | 0xaadb48 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.4358921161825726 |
| RT_ICON | 0xab00f0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.3530940009447331 |
| RT_ICON | 0xab4318 | 0x7bfc | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.0005040957781979 |
| RT_RCDATA | 0xabc5b8 | 0x104 | PNG image data, 7 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 1.0076923076923077 |
| RT_RCDATA | 0xabc4f8 | 0xbc | PNG image data, 14 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 0.9893617021276596 |
| RT_RCDATA | 0xabc000 | 0x113 | PNG image data, 10 x 10, 8-bit/color RGBA, non-interlaced | English | United States | 1.018181818181818 |
| RT_RCDATA | 0xabc118 | 0x3db | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 0.6524822695035462 |
| RT_RCDATA | 0xabc6c0 | 0x136 | PNG image data, 14 x 9, 8-bit/color RGBA, non-interlaced | English | United States | 1.0225806451612902 |
| RT_RCDATA | 0xabbf78 | 0x87 | PNG image data, 12 x 2, 8-bit/color RGBA, non-interlaced | English | United States | 0.9777777777777777 |
| RT_RCDATA | 0xabc7f8 | 0x21ff | PNG image data, 114 x 114, 8-bit/color RGBA, non-interlaced | English | United States | 1.001263931977479 |
| RT_RCDATA | 0xabe9f8 | 0xbda | PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036255767963085 |
| RT_GROUP_ICON | 0xabbf18 | 0x5a | data | English | United States | 0.7777777777777778 |
| RT_VERSION | 0xadb290 | 0x308 | data | English | United States | 0.4536082474226804 |
| RT_MANIFEST | 0xb41160 | 0x2d4 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4972375690607735 |
| DLL | Import |
|---|---|
| bcrypt.dll | BCryptCreateHash, BCryptFinishHash, BCryptEncrypt, BCryptCloseAlgorithmProvider, BCryptHashData, BCryptOpenAlgorithmProvider, BCryptDestroyHash, BCryptGenRandom, BCryptDestroyKey, BCryptDeriveKeyPBKDF2, BCryptSetProperty, BCryptGetProperty, BCryptGenerateSymmetricKey |
| WINHTTP.dll | WinHttpReceiveResponse, WinHttpQueryHeaders, WinHttpOpenRequest, WinHttpSendRequest, WinHttpSetOption, WinHttpQueryDataAvailable, WinHttpReadData, WinHttpConnect, WinHttpCloseHandle, WinHttpOpen |
| KERNEL32.dll | WaitForSingleObjectEx, GetFileInformationByHandleEx, AreFileApisANSI, SetFileInformationByHandle, SetEndOfFile, GetFullPathNameW, FindFirstFileExW, CreateDirectoryW, GetCurrentDirectoryW, FormatMessageA, GetStringTypeW, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, InitializeCriticalSectionEx, InitializeConditionVariable, WakeConditionVariable, WakeAllConditionVariable, SleepConditionVariableCS, SleepConditionVariableSRW, InitOnceBeginInitialize, InitOnceComplete, FreeLibraryWhenCallbackReturns, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolWork, GetModuleHandleExW, GetUserDefaultUILanguage, EncodePointer, DecodePointer, CompareStringEx, LCMapStringEx, SetThreadLocale, IsBadStringPtrA, IsBadReadPtr, QueryPerformanceFrequency, QueryPerformanceCounter, GetLogicalDriveStringsW, GetDriveTypeW, FindNextFileW, CreateThread, WaitForMultipleObjects, CopyFileW, CreateEventW, SetEvent, GetCPInfo, IsValidCodePage, InitializeCriticalSectionAndSpinCount, ResetEvent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, InitializeSListHead, GetNativeSystemInfo, GetVersionExW, IsDebuggerPresent, GetEnvironmentVariableW, OutputDebugStringW, GetTempFileNameW, GetLongPathNameW, FindFirstFileW, FindClose, GetCurrentProcessId, GetTempPathW, GetCommandLineW, RtlUnwind, LoadLibraryExW, ExitThread, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, GetCurrentThread, Sleep, TryEnterCriticalSection, RaiseException, GetSystemTimeAsFileTime, CreateMutexW, GetThreadLocale, GetLocaleInfoW, GetACP, EnumResourceNamesW, FormatMessageW, SetErrorMode, SetCurrentDirectoryW, GlobalFree, GlobalHandle, GlobalSize, GlobalLock, GlobalUnlock, GlobalAlloc, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, LoadLibraryW, FreeLibrary, GetCurrentThreadId, ExitProcess, SetLastError, MulDiv, ReadConsoleOutputCharacterA, SetConsoleCursorPosition, InitializeSRWLock, GetConsoleScreenBufferInfo, FillConsoleOutputCharacterW, WriteConsoleW, WriteConsoleA, AttachConsole, FreeConsole, GetStdHandle, GetModuleFileNameW, WideCharToMultiByte, SetFilePointerEx, ReadFile, GetFileTime, GetFileSizeEx, LocalFree, GetTickCount, WriteFile, GetFileType, CreateFileW, GetFileAttributesW, SetFileAttributesW, GetFileAttributesExW, DeleteFileW, MoveFileExW, MultiByteToWideChar, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, QueryFullProcessImageNameW, OpenProcess, TerminateProcess, FindResourceW, SizeofResource, LockResource, LoadResource, ExpandEnvironmentStringsW, GetProcAddress, GetModuleHandleW, IsWow64Process, CreateProcessW, GetCurrentProcess, WaitForSingleObject, GetLastError, CloseHandle, FreeLibraryAndExitThread, GetTimeZoneInformation, SetStdHandle, FlushFileBuffers, GetConsoleMode, ReadConsoleW, GetConsoleOutputCP, HeapFree, HeapReAlloc, HeapAlloc, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetCommandLineA, GetProcessHeap, IsProcessorFeaturePresent, HeapSize |
| USER32.dll | CreateAcceleratorTableW, DestroyCursor, SetMenuItemInfoW, InsertMenuItemW, SetMenuInfo, RemoveMenu, ModifyMenuW, AppendMenuW, InsertMenuW, GetSubMenu, DestroyMenu, CreatePopupMenu, CreateMenu, GetMenuState, ValidateRect, PostThreadMessageW, GetMessageW, GetClassNameW, MessageBeep, GetWindowTextW, SetActiveWindow, HideCaret, GetWindowTextLengthW, DestroyAcceleratorTable, IsMenu, GetComboBoxInfo, DrawIconEx, SetRectEmpty, SetRect, DrawStateW, DestroyIcon, DrawFocusRect, DrawTextW, CreateIconIndirect, GetWindowDC, BeginPaint, EndPaint, UnionRect, GetDesktopWindow, ChildWindowFromPoint, DrawEdge, DrawFrameControl, CheckMenuItem, GetMenuItemID, CheckMenuRadioItem, RegisterClipboardFormatW, GetClipboardFormatNameW, wsprintfW, ChangeDisplaySettingsExW, EnumDisplaySettingsW, MonitorFromPoint, EnumDisplayMonitors, TranslateAcceleratorW, GetDoubleClickTime, GetCaretBlinkTime, ValidateRgn, keybd_event, IsRectEmpty, GetIconInfo, SetTimer, LoadIconW, LoadBitmapW, FindWindowExW, SetMenu, PostMessageW, RegisterWindowMessageW, GetMonitorInfoW, MonitorFromWindow, GetSysColorBrush, CopyRect, SetWindowRgn, GetDlgItem, CreateDialogParamW, SystemParametersInfoW, GetScrollInfo, SetScrollInfo, IsDialogMessageW, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, GetWindow, SetParent, GetParent, PtInRect, InflateRect, FillRect, GetSysColor, ChildWindowFromPointEx, WindowFromPoint, MapWindowPoints, ScreenToClient, ClientToScreen, GetCursorPos, SetCursor, SetCursorPos, GetWindowRect, GetClientRect, EnableScrollBar, ScrollWindow, RedrawWindow, InvalidateRect, IsClipboardFormatAvailable, AdjustWindowRectEx, ShowCursor, DdeInitializeW, DdeUninitialize, DdeConnect, DdeDisconnect, DdePostAdvise, DdeNameService, DdeClientTransaction, DdeCreateDataHandle, DdeGetData, DdeFreeDataHandle, DdeGetLastError, DdeCreateStringHandleW, DdeQueryStringW, DdeFreeStringHandle, GetUpdateRgn, UpdateWindow, GetMenuItemInfoW, TrackPopupMenu, GetMenuItemCount, GetSystemMetrics, IsWindowEnabled, EnableWindow, ReleaseCapture, SetCapture, GetCapture, MapVirtualKeyW, VkKeyScanW, GetAsyncKeyState, GetFocus, GetActiveWindow, SetFocus, IsWindowVisible, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, AnimateWindow, IsWindow, CallWindowProcW, PostQuitMessage, MsgWaitForMultipleObjects, GetMessageTime, GetMessagePos, UnregisterHotKey, RegisterHotKey, PeekMessageW, DispatchMessageW, TranslateMessage, ReleaseDC, GetDC, SetWindowLongW, GetWindowLongW, SetWindowTextW, SetForegroundWindow, EnableMenuItem, GetSystemMenu, DrawMenuBar, GetDialogBaseUnits, CreateDialogIndirectParamW, IsZoomed, BringWindowToTop, KillTimer, LoadImageW, IsIconic, GetWindowPlacement, SetWindowPos, MoveWindow, FlashWindowEx, SetLayeredWindowAttributes, ShowWindow, DestroyWindow, CreateWindowExW, DefWindowProcW, SendMessageW, LoadCursorW, GetProcessDefaultLayout, MessageBoxW, UnregisterClassW, RegisterClassW, GetKeyState, OffsetRect |
| GDI32.dll | SetPolyFillMode, StretchBlt, StretchDIBits, SetROP2, SetStretchBltMode, GetWorldTransform, SetWorldTransform, ModifyWorldTransform, ExtTextOutW, CreatePolygonRgn, DPtoLP, LPtoDP, Polygon, Polyline, PolyBezier, SetViewportExtEx, SetWindowExtEx, SetWindowOrgEx, GetBkColor, LineTo, MoveToEx, GetTextExtentPoint32W, CombineRgn, EqualRgn, GetRgnBox, PtInRegion, RectInRegion, CreatePalette, GetNearestPaletteIndex, SetPixel, CreateRectRgnIndirect, GetCharABCWidthsW, GetTextExtentExPointW, CreateICW, CreateDIBitmap, GetDIBits, CreateDIBSection, GetDIBColorTable, SetDIBColorTable, CreateDCW, GetSystemPaletteEntries, SetViewportOrgEx, CloseEnhMetaFile, CreateEnhMetaFileW, DeleteEnhMetaFile, GetEnhMetaFileW, GetEnhMetaFileHeader, PlayEnhMetaFile, EnumFontFamiliesExW, SetAbortProc, StartDocW, EndDoc, StartPage, EndPage, GetLayout, SetLayout, SetMapMode, SetGraphicsMode, ExtSelectClipRgn, RoundRect, SelectClipRgn, Rectangle, PolyPolygon, Pie, MaskBlt, GetPixel, GetObjectType, GetClipBox, ExtFloodFill, Ellipse, Arc, ExtCreatePen, CreatePen, CreateFontIndirectW, DeleteObject, GetDeviceCaps, GetOutlineTextMetricsW, SelectObject, GetTextMetricsW, CreateRectRgn, ExcludeClipRect, RealizePalette, SetBrushOrgEx, SelectPalette, GdiFlush, ExtCreateRegion, GetRegionData, OffsetRgn, GetObjectW, BitBlt, CreateBitmap, CreateBitmapIndirect, CreateCompatibleBitmap, CreateCompatibleDC, DeleteDC, SetBkColor, SetBkMode, SetTextColor, CreateSolidBrush, GetGraphicsMode, GetViewportExtEx, GetWindowExtEx, CreateHatchBrush, GetPaletteEntries, GetStockObject, CreatePatternBrush |
| COMDLG32.dll | GetOpenFileNameW, PageSetupDlgW, PrintDlgW, CommDlgExtendedError, ChooseFontW, GetSaveFileNameW |
| WINSPOOL.DRV | GetPrinterW, DocumentPropertiesW, ClosePrinter, OpenPrinterW |
| SHELL32.dll | SHGetFolderPathW, CommandLineToArgvW, SHGetFileInfoW, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetMalloc, ExtractIconExW, ExtractIconW, DragAcceptFiles, DragFinish, DragQueryPoint, DragQueryFileW, SHGetKnownFolderPath, ShellExecuteExW, ShellExecuteW |
| SHLWAPI.dll | SHAutoComplete, PathMatchSpecW, AssocQueryStringW |
| COMCTL32.dll | ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_ReplaceIcon, ImageList_Copy, ImageList_GetImageInfo, ImageList_GetIconSize, ImageList_Remove, ImageList_Replace, ImageList_Draw, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoInitializeEx, CoCreateInstance, CoTaskMemFree, CoTaskMemAlloc, OleInitialize, RevokeDragDrop, OleSetContainedObject, CoUninitialize, OleRun, OleLockRunning, CoLockObjectExternal, RegisterDragDrop, ReleaseStgMedium, OleSetClipboard, OleGetClipboard, OleFlushClipboard, OleIsCurrentClipboard, OleUninitialize |
| OLEAUT32.dll | SysFreeString, SafeArrayCreate, SafeArrayDestroy, SafeArrayPtrOfIndex, VariantInit, SysStringLen, VariantClear, SafeArrayUnlock, SafeArrayLock, VarBstrFromCy, SafeArrayGetVartype, VariantTimeToSystemTime, SystemTimeToVariantTime, SysAllocString |
| RPCRT4.dll | UuidToStringW, RpcStringFreeW |
| ADVAPI32.dll | GetUserNameW, RegEnumValueW, RegEnumKeyW, RegDeleteKeyW, GetSecurityInfo, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyExW, RegCreateKeyExW, RegCloseKey, FreeSid, CheckTokenMembership, AllocateAndInitializeSid |
| VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW |
| OLEACC.dll | LresultFromObject |
| UxTheme.dll | GetThemeMargins, GetCurrentThemeName, GetThemeBackgroundExtent, IsThemePartDefined, SetWindowTheme, GetThemeSysFont, GetThemeSysColor, GetThemeInt, GetThemePartSize, GetThemeFont, IsAppThemed, IsThemeActive, CloseThemeData, DrawThemeParentBackground, GetThemeColor, IsThemeBackgroundPartiallyTransparent, GetThemeBackgroundContentRect, DrawThemeBackground, OpenThemeData |
| MSIMG32.dll | AlphaBlend, GradientFill |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
                                                                                                  Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.


                                                                                                  Target ID:0
                                                                                                  Start time:06:22:58
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5511.32425.5112.exe"
                                                                                                  Imagebase:0x5d0000
                                                                                                  File size:7'758'000 bytes
                                                                                                  MD5 hash:AC5FFC6E945471CE5E631F5FA8853D5A
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:4
                                                                                                  Start time:06:23:24
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" /quiet /norestart
                                                                                                  Imagebase:0x690000
                                                                                                  File size:13'853'648 bytes
                                                                                                  MD5 hash:9882A328C8414274555845FA6B542D1E
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:5
                                                                                                  Start time:06:23:24
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Windows\Temp\{4CE1CC74-ED5B-4237-BACF-9346835388A1}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\user\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" -burn.filehandle.attached=524 -burn.filehandle.self=532 /quiet /norestart
                                                                                                  Imagebase:0x8f0000
                                                                                                  File size:650'080 bytes
                                                                                                  MD5 hash:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:6
                                                                                                  Start time:06:23:25
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Windows\Temp\{9C88F139-E98B-47CF-9FCD-569B86DFE076}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{C5045546-B7FD-4832-9136-56B66BF2BB8B} {DC18713B-4B15-42EE-96B9-503491E8A295} 2300
                                                                                                  Imagebase:0xde0000
                                                                                                  File size:650'080 bytes
                                                                                                  MD5 hash:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:10
                                                                                                  Start time:06:23:41
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Windows\System32\SrTasks.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
                                                                                                  Imagebase:0x7ff75c910000
                                                                                                  File size:59'392 bytes
                                                                                                  MD5 hash:2694D2D28C368B921686FE567BD319EB
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:true

                                                                                                  Target ID:11
                                                                                                  Start time:06:23:41
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                  File size:862'208 bytes
                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  Target ID:12
                                                                                                  Start time:06:23:42
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                  Imagebase:0x7ff6ddf80000
                                                                                                  File size:69'632 bytes
                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:false

                                                                                                  Target ID:16
                                                                                                  Start time:06:23:55
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" /burn.runonce
                                                                                                  Imagebase:0x3a0000
                                                                                                  File size:650'080 bytes
                                                                                                  MD5 hash:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:17
                                                                                                  Start time:06:23:55
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe"
                                                                                                  Imagebase:0x3a0000
                                                                                                  File size:650'080 bytes
                                                                                                  MD5 hash:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                  Target ID:18
                                                                                                  Start time:06:23:55
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{46c3b171-c15c-4137-8e1d-67eeb2985b44}\VC_redist.x86.exe" -burn.filehandle.attached=564 -burn.filehandle.self=556
                                                                                                  Imagebase:0x3a0000
                                                                                                  File size:650'080 bytes
                                                                                                  MD5 hash:7BD0B2D204D75012D3A9A9CE107C379E
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                  Target ID:19
                                                                                                  Start time:06:24:12
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Program Files (x86)\DriverHub\DriverHub.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Program Files (x86)\DriverHub\DriverHub.exe"
                                                                                                  Imagebase:0x7d0000
                                                                                                  File size:7'722'672 bytes
                                                                                                  MD5 hash:9E73D5B139958CD42A7067CBC44810B7
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 3%, ReversingLabs
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                  Target ID:20
                                                                                                  Start time:06:24:12
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\ProgramData\BrightData\b5f277be9e9b996633e463ee548565b6bbfbe374\test_wpf.exe
                                                                                                  Imagebase:0x970000
                                                                                                  File size:31'224 bytes
                                                                                                  MD5 hash:03BA6C3A52780D89BE563B7CD5668AD0
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:21
                                                                                                  Start time:06:24:21
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\DriverHub\OperaGXDownloader.exe" --silent --allusers=0
                                                                                                  Imagebase:0x910000
                                                                                                  File size:3'277'888 bytes
                                                                                                  MD5 hash:62633678215EE32B3609D9755F84B71B
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                  Target ID:22
                                                                                                  Start time:06:24:23
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe --silent --allusers=0 --server-tracking-blob=NmJhMTgyZTY5ZGVjMmQyOGI4OGE4ZjU4ODc2ODc0MjIzYThiNDg4OGZiZGRhZmNhMmY3NTI0MzFjMjk5NmYzODp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX1VTX1BCNV8zODQ5JnV0bV9pZD1kOTIyYTUyOTdlM2I0M2Y3YjA3ZWUwZWFiNThlYTc0MCZ1dG1fY29udGVudD0zODQ5X29wZ3g1IiwidGltZXN0YW1wIjoiMTcyMzYzMTA1OC4yNzkxIiwidXNlcmFnZW50IjoiRHJpdmVySHViSW5zdGFsbGVyLzMuNC4yMCIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9VU19QQjVfMzg0OSIsImNvbnRlbnQiOiIzODQ5X29wZ3g1IiwiaWQiOiJkOTIyYTUyOTdlM2I0M2Y3YjA3ZWUwZWFiNThlYTc0MCIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImMzOGRjYTVlLTQ5NzUtNGMyMi04Yjg0LTg0YzU0MDQzMjhhYiJ9
                                                                                                  Imagebase:0x6c0000
                                                                                                  File size:6'731'168 bytes
                                                                                                  MD5 hash:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                  Target ID:23
                                                                                                  Start time:06:24:23
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\DriverHub\AvastDownloader.exe" /silent /WS
                                                                                                  Imagebase:0x9e0000
                                                                                                  File size:249'584 bytes
                                                                                                  MD5 hash:2BA68B0B5DA36C0641EA0BE5322AE747
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                  Target ID:24
                                                                                                  Start time:06:24:24
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x2d0,0x320,0x324,0x2fc,0x328,0x637e1b54,0x637e1b60,0x637e1b6c
                                                                                                  Imagebase:0x6c0000
                                                                                                  File size:6'731'168 bytes
                                                                                                  MD5 hash:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:false

                                                                                                  Target ID:25
                                                                                                  Start time:06:24:24
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://multipassword.com/extension-thankyou/chrome
                                                                                                  Imagebase:0x7ff715980000
                                                                                                  File size:3'242'272 bytes
                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:false

                                                                                                  Target ID:26
                                                                                                  Start time:06:24:25
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1984,i,249236671189780504,10620192956757997169,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                  Imagebase:0x7ff715980000
                                                                                                  File size:3'242'272 bytes
                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:false

                                                                                                  Target ID:27
                                                                                                  Start time:06:24:27
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
                                                                                                  Imagebase:0xc60000
                                                                                                  File size:6'731'168 bytes
                                                                                                  MD5 hash:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:true

                                                                                                  Target ID:28
                                                                                                  Start time:06:24:30
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2132 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240814062430" --session-guid=57a9a656-01e5-401b-ad20-50424dccb7f4 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1C06000000000000
                                                                                                  Imagebase:0x6c0000
                                                                                                  File size:6'731'168 bytes
                                                                                                  MD5 hash:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:false

                                                                                                  Target ID:29
                                                                                                  Start time:06:24:31
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\7zS05890C7B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x334,0x338,0x33c,0x330,0x344,0x6bf81b54,0x6bf81b60,0x6bf81b6c
                                                                                                  Imagebase:0x6c0000
                                                                                                  File size:6'731'168 bytes
                                                                                                  MD5 hash:607FB47AD9D20BB16F90E4A38C93BBFE
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:false

                                                                                                  Target ID:30
                                                                                                  Start time:06:24:36
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\Temp\asw.220e65e681ab5e8f\avast_free_antivirus_setup_online_x64.exe" /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /edat_dir:C:\Windows\Temp\asw.220e65e681ab5e8f /geo:US
                                                                                                  Imagebase:0x7ff7b8780000
                                                                                                  File size:9'931'880 bytes
                                                                                                  MD5 hash:C2626794E09A2197C5AC2FECC2F611A2
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:false

                                                                                                  Target ID:31
                                                                                                  Start time:06:24:43
                                                                                                  Start date:14/08/2024
                                                                                                  Path:C:\Windows\Temp\asw.b569351eb821d9a8\Instup.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\Temp\asw.b569351eb821d9a8\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.b569351eb821d9a8 /edition:1 /prod:ais /stub_context:aca2c3c7-54dc-4f62-a2f4-1ffbd717ae2a:9931880 /guid:48f6f96c-29f8-4474-85eb-2177da680035 /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /silent /WS /cookie:mmm_mrk_ppi_004_408_v /ga_clientid:e1483bed-3593-409c-8308-e3617acb66fa /edat_dir:C:\Windows\Temp\asw.220e65e681ab5e8f /geo:US
                                                                                                  Imagebase:0x7ff7f95a0000
                                                                                                  File size:3'815'368 bytes
                                                                                                  MD5 hash:7342A3F59C64B20E80DE29EB49D99389
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:false

                                                                                                    APIs
                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00693C3F
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00693C52
                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000001,00000000,?), ref: 00693C9D
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00693CA7
                                                                                                    • GetTempPathW.KERNEL32(00000104,?,?,?,?,00000001,00000000,?), ref: 00693CF5
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00693CFF
                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,*.*,?,?,?,?,00000001,00000000,?), ref: 00693D52
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00693D63
                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000001,00000000,?), ref: 00693E3D
                                                                                                    • DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,00000001,00000000,?), ref: 00693E51
                                                                                                    • GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000001,00000000,?), ref: 00693E78
                                                                                                    • MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000001,00000000,?), ref: 00693E9B
                                                                                                    • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00693EB4
                                                                                                    • FindNextFileW.KERNELBASE(000000FF,?,?,?,?,?,?,?,00000001,00000000,?), ref: 00693EC4
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00693ED9
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00693F08
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00693F2A
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00693F4C
                                                                                                    • RemoveDirectoryW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00693F63
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00693F6D
                                                                                                    • MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00693F93
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00693FAE
                                                                                                    • FindClose.KERNEL32(000000FF,?,?,?,00000001,00000000,?), ref: 00693FE4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                                                    • String ID: *.*$DEL$dirutil.cpp
                                                                                                    • API String ID: 1544372074-1252831301
                                                                                                    • Opcode ID: 7f8b6e42a0bedc6e1aa5017bed2730806952ced798354c41618827548f1b9d73
                                                                                                    • Instruction ID: c23ffc6178c51f85b62ab1128678fe3790e4d69b9dbb95e9906b90c7aa3274b7
                                                                                                    • Opcode Fuzzy Hash: 7f8b6e42a0bedc6e1aa5017bed2730806952ced798354c41618827548f1b9d73
                                                                                                    • Instruction Fuzzy Hash: 3BB1A871E01635EAEF309A758C44BE6B6BFAF44750F0102A6ED09E7790D7718E81CBA0

                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 0069510F
                                                                                                      • Part of subcall function 006D03F0: InitializeCriticalSection.KERNEL32(006FB60C,?,0069511B,00000000,?,?,?,?,?,?), ref: 006D0407
                                                                                                      • Part of subcall function 00691209: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,00695137,00000000,?), ref: 00691247
                                                                                                      • Part of subcall function 00691209: GetLastError.KERNEL32(?,?,?,00695137,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00691251
                                                                                                    • CoInitializeEx.OLE32(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 0069517D
                                                                                                      • Part of subcall function 006D0CD1: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 006D0CF2
                                                                                                    • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 0069520F
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00695219
                                                                                                    • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0069549B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
                                                                                                    • String ID: 3.10.4.4718$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$Setup$_Failed$engine.cpp$txt
                                                                                                    • API String ID: 3262001429-867073019
                                                                                                    • Opcode ID: ebb85a585e00785ba98b8b02183b209ffa761a0992e735fadd4713307a5710d4
                                                                                                    • Instruction ID: f682bad1a34ccfe3270a616cdd49a16c0f144e9a9ea84a8cad31a05b56635fe2
                                                                                                    • Opcode Fuzzy Hash: ebb85a585e00785ba98b8b02183b209ffa761a0992e735fadd4713307a5710d4
                                                                                                    • Instruction Fuzzy Hash: 51B1D571D40A299BDF73AF64CC46BED76AFAF04710F05009AF90AA6741DB709E818F94
                                                                                                    APIs
                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,006D34DF,00000000,?,00000000), ref: 006D2F3D
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,006BBDED,?,006952FD,?,00000000,?), ref: 006D2F49
                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 006D2F89
                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 006D2F95
                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 006D2FA0
                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 006D2FAA
                                                                                                    • CoCreateInstance.OLE32(006FB6C8,00000000,00000001,006DB808,?,?,?,?,?,?,?,?,?,?,?,006BBDED), ref: 006D2FE5
                                                                                                    • ExitProcess.KERNEL32 ref: 006D3094
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                                                    • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
                                                                                                    • API String ID: 2124981135-499589564
                                                                                                    • Opcode ID: 22ee928e1a4fcd4f719183eea9c5a3eba0a5b47aaadb95e8d2d8fe2bb6e99064
                                                                                                    • Instruction ID: cce3e93058bf9f26e39f9e12c72c84c0f5bfbb26cb0646f24a5dff6b735bd981
                                                                                                    • Opcode Fuzzy Hash: 22ee928e1a4fcd4f719183eea9c5a3eba0a5b47aaadb95e8d2d8fe2bb6e99064
                                                                                                    • Instruction Fuzzy Hash: E0418231E41225ABDB209FA8C854FAEB7A7EF54711F12406AF901EB350DB71DE408BA1
                                                                                                    APIs
                                                                                                      • Part of subcall function 006933D7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,006910DD,?,00000000), ref: 006933F8
                                                                                                    • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 006910F6
                                                                                                      • Part of subcall function 00691174: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,0069111A,cabinet.dll,00000009,?,?,00000000), ref: 00691185
                                                                                                      • Part of subcall function 00691174: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,0069111A,cabinet.dll,00000009,?,?,00000000), ref: 00691190
                                                                                                      • Part of subcall function 00691174: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0069119E
                                                                                                      • Part of subcall function 00691174: GetLastError.KERNEL32(?,?,?,?,0069111A,cabinet.dll,00000009,?,?,00000000), ref: 006911B9
                                                                                                      • Part of subcall function 00691174: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 006911C1
                                                                                                      • Part of subcall function 00691174: GetLastError.KERNEL32(?,?,?,?,0069111A,cabinet.dll,00000009,?,?,00000000), ref: 006911D6
                                                                                                    • FindCloseChangeNotification.KERNELBASE(?,?,?,?,006DB4C0,?,cabinet.dll,00000009,?,?,00000000), ref: 00691131
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Similarity
                                                                                                    • API ID: AddressErrorFileLastModuleProc$ChangeCloseCreateFindHandleHeapInformationNameNotification
                                                                                                    • String ID: cabinet.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
                                                                                                    • API String ID: 2670336470-2392521765
                                                                                                    • Opcode ID: 20e51a25a392528969eeb1cd75a3baaf0968f6ba3fc393e05a6a246c45e50d62
                                                                                                    • Instruction ID: 772280d75a25f8928f5be168ef0b1303fa7bed3080a5a3a945e73bffea63ced6
                                                                                                    • Opcode Fuzzy Hash: 20e51a25a392528969eeb1cd75a3baaf0968f6ba3fc393e05a6a246c45e50d62
                                                                                                    • Instruction Fuzzy Hash: 17217E71D00209EBDB50DFA5DC05AEEBBFAAF45314F11511AE920BA395D7709908CBA4
                                                                                                    Strings
                                                                                                    • Failed to calculate working folder to ensure it exists., xrefs: 006A9ED4
                                                                                                    • Failed create working folder., xrefs: 006A9EEA
                                                                                                    • =Si, xrefs: 006A9EB7
                                                                                                    • Failed to copy working folder., xrefs: 006A9F12
                                                                                                    Similarity
                                                                                                    • API ID: CurrentDirectoryErrorLastProcessWindows
                                                                                                    • String ID: =Si$Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
                                                                                                    • API String ID: 3841436932-3535633557
                                                                                                    • Opcode ID: 27f502256da55cbabda2c9c84dd192e0a01774028f7e323bd42edb72fcc3baf6
                                                                                                    • Instruction ID: 2693b6a073128baf26573621364d93b34ec44e3adcfe3e934f4ab59e7280cb3f
                                                                                                    • Opcode Fuzzy Hash: 27f502256da55cbabda2c9c84dd192e0a01774028f7e323bd42edb72fcc3baf6
                                                                                                    • Instruction Fuzzy Hash: 4901D831D05268FB8F22BB55CC02CAF7A7BDF92760B31015AF900A6211DB318E00AAF0
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,006C47E8,00000000,006F7CF8,0000000C,006C493F,00000000,00000002,00000000), ref: 006C4833
                                                                                                    • TerminateProcess.KERNEL32(00000000,?,006C47E8,00000000,006F7CF8,0000000C,006C493F,00000000,00000002,00000000), ref: 006C483A
                                                                                                    • ExitProcess.KERNEL32 ref: 006C484C
                                                                                                    Similarity
                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                    • String ID:
                                                                                                    • API String ID: 1703294689-0
                                                                                                    • Opcode ID: df7fb760ba58fafedda98db626a484ff0d20183aae154892b9eaa7e13bb84992
                                                                                                    • Instruction ID: f1404dd665952053c0d139a5e979f9a286e3fa5eb4a73aad79c4a17983b37d55
                                                                                                    • Opcode Fuzzy Hash: df7fb760ba58fafedda98db626a484ff0d20183aae154892b9eaa7e13bb84992
                                                                                                    • Instruction Fuzzy Hash: C3E09A31802548EBCF11AF55ED19E693B6AEF45381B05201DF8054B125CB35D941DA84
                                                                                                    APIs
                                                                                                    • GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    Similarity
                                                                                                    • API ID: Heap$AllocateProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 1357844191-0
                                                                                                    • Opcode ID: 371d471f19f5251ff86a36aa8d48457604ae3b053a9ebfff63f8561548df9950
                                                                                                    • Instruction ID: 9bc9e873ea6295b65358dc6eb0b2d08408196ee336e48b83c9a05761ebbcb68d
                                                                                                    • Opcode Fuzzy Hash: 371d471f19f5251ff86a36aa8d48457604ae3b053a9ebfff63f8561548df9950
                                                                                                    • Instruction Fuzzy Hash: 6EC01232590218E78B005FF4DC0DC5937ADA718A027009401B505C2114C73CE0148760
                                                                                                    APIs
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0069DF4A
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0069E62A
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    Similarity
                                                                                                    • API ID: FreeHeapString$AllocateProcess
                                                                                                    • String ID: =Si$Cache$CacheId$Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage$ExePackage$Failed to allocate memory for MSP patch sequence information.$Failed to allocate memory for package structs.$Failed to allocate memory for patch sequence information to package lookup.$Failed to allocate memory for rollback boundary structs.$Failed to find backward transaction boundary: %ls$Failed to find forward transaction boundary: %ls$Failed to get @Cache.$Failed to get @CacheId.$Failed to get @Id.$Failed to get @InstallCondition.$Failed to get @InstallSize.$Failed to get @LogPathVariable.$Failed to get @PerMachine.$Failed to get @Permanent.$Failed to get @RollbackBoundaryBackward.$Failed to get @RollbackBoundaryForward.$Failed to get @RollbackLogPathVariable.$Failed to get @Size.$Failed to get @Vital.$Failed to get next node.$Failed to get package node count.$Failed to get rollback bundary node count.$Failed to parse EXE package.$Failed to parse MSI package.$Failed to parse MSP package.$Failed to parse MSU package.$Failed to parse dependency providers.$Failed to parse payload references.$Failed to parse target product codes.$Failed to select package nodes.$Failed to select rollback boundary nodes.$InstallCondition$InstallSize$Invalid cache type: %ls$LogPathVariable$MsiPackage$MspPackage$MsuPackage$PerMachine$Permanent$RollbackBoundary$RollbackBoundaryBackward$RollbackBoundaryForward$RollbackLogPathVariable$Size$Vital$always$cabinet.dll$comres.dll$crypt32.dll$feclient.dll$msi.dll$package.cpp$wininet.dll$yes
                                                                                                    • API String ID: 336948655-653643734
                                                                                                    • Opcode ID: de0c8a3c46bd1d6c08a6de78f7c1098891f2b22571b6ba9345defdeaf86c64c6
                                                                                                    • Instruction ID: 383d058d881e35f5b52314451f744e7b0ea19f2f6506cd2b7f44b79ec36846aa
                                                                                                    • Opcode Fuzzy Hash: de0c8a3c46bd1d6c08a6de78f7c1098891f2b22571b6ba9345defdeaf86c64c6
                                                                                                    • Instruction Fuzzy Hash: CA32C371D01326ABDF11DB90CC41FADBBBBAB04724F120269F911BB691D7B29E41DB90

                                                                                                    Control-flow Graph

                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: =Si$AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$msasn1.dll$registration.cpp$yes
                                                                                                    • API String ID: 0-10724523
                                                                                                    • Opcode ID: 2ee847d53032b5bb6f42684e67cc04877ef4d47b7580c7973fa60a1eaf1705de
                                                                                                    • Instruction ID: af29d906d29469390216300ad639ae39d7aefda001c3c8187c79bb7098d6b6db
                                                                                                    • Opcode Fuzzy Hash: 2ee847d53032b5bb6f42684e67cc04877ef4d47b7580c7973fa60a1eaf1705de
                                                                                                    • Instruction Fuzzy Hash: 3CE1A532E417B6BACF119BA1CC41EEDBA6B6F00710F130275F910FAB50DB615D85A685

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EDC3F0,00000000), ref: 0069B3FF
                                                                                                    • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 0069B44C
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EDC3F0,00000000), ref: 0069B452
                                                                                                    • ReadFile.KERNELBASE(00000000,\CiH,00000040,?,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 0069B49A
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EDC3F0,00000000), ref: 0069B4A0
                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 0069B4FD
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 0069B503
                                                                                                    • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 0069B54C
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 0069B552
                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 0069B5C3
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 0069B5C9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$File$Pointer$Read
                                                                                                    • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$\CiH$burn$section.cpp
                                                                                                    • API String ID: 2600052162-1494491685
                                                                                                    • Opcode ID: 7c33d5f96b6315ef2d91fe5cc324e8182ffb0145c6e29e3ac92f1e25bb79edc3
                                                                                                    • Instruction ID: 3d7ea80938fb8797f6e184cc252f0c7b5a24d8992c4b51cd59f17bfbd03f287a
                                                                                                    • Opcode Fuzzy Hash: 7c33d5f96b6315ef2d91fe5cc324e8182ffb0145c6e29e3ac92f1e25bb79edc3
                                                                                                    • Instruction Fuzzy Hash: F412E171E40325ABEF20AB64DD41FAB76ABEF44700F01416AFD09EB680DB718D41CBA5

                                                                                                    Control-flow Graph

                                                                                                    [Control-flow graph not reproduced; first block at 006B0A77.]
                                                                                                    APIs
                                                                                                    • SetEvent.KERNEL32(?,?,?,?,00000000,00000000,?,006B0621,?,?), ref: 006B0A85
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,006B0621,?,?), ref: 006B0A92
                                                                                                    • WaitForSingleObject.KERNEL32(?,?,?,?,?,00000000,00000000,?,006B0621,?,?), ref: 006B0ACE
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,006B0621,?,?), ref: 006B0AD8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$EventObjectSingleWait
                                                                                                    • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                    • API String ID: 3600396749-2104912459
                                                                                                    • Opcode ID: 52bacd17418f548496963aead065c32e5a3accd2df35451618d3d107ac5dc418
                                                                                                    • Instruction ID: 65cc8c687a72693f7f00a80a10b0e3f21ec414f25c1b86257937376b17f8b954
                                                                                                    • Opcode Fuzzy Hash: 52bacd17418f548496963aead065c32e5a3accd2df35451618d3d107ac5dc418
                                                                                                    • Instruction Fuzzy Hash: B89116B2E41721BBF7205AB98D49BA73AD7EF04750F020226FD05EA6A0D761DC4187D5

                                                                                                    Control-flow Graph

                                                                                                    [Control-flow graph not reproduced; first block at 00694C33.]
                                                                                                    APIs
                                                                                                      • Part of subcall function 006933D7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,006910DD,?,00000000), ref: 006933F8
                                                                                                    • CloseHandle.KERNEL32(00000000,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00694E3A
                                                                                                    • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00694E49
                                                                                                    • CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00694E58
                                                                                                    • CloseHandle.KERNEL32(?,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00694E63
                                                                                                    Strings
                                                                                                    • burn.filehandle.self, xrefs: 00694D3F
                                                                                                    • Failed to launch clean room process: %ls, xrefs: 00694DF1
                                                                                                    • "%ls" %ls, xrefs: 00694D74
                                                                                                    • Failed to get path for current process., xrefs: 00694C7D
                                                                                                    • Failed to allocate parameters for unelevated process., xrefs: 00694CF4
                                                                                                    • Failed to wait for clean room process: %ls, xrefs: 00694E1D
                                                                                                    • Failed to append original command line., xrefs: 00694D63
                                                                                                    • -%ls="%ls", xrefs: 00694CE0
                                                                                                    • Failed to cache to clean room., xrefs: 00694CBC
                                                                                                    • %ls %ls, xrefs: 00694D4F
                                                                                                    • burn.clean.room, xrefs: 00694CD8
                                                                                                    • Failed to append %ls, xrefs: 00694D16
                                                                                                    • engine.cpp, xrefs: 00694DE4
                                                                                                    • D, xrefs: 00694DA3
                                                                                                    • burn.filehandle.attached, xrefs: 00694D11
                                                                                                    • Failed to allocate full command-line., xrefs: 00694D88
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle$FileModuleName
                                                                                                    • String ID: "%ls" %ls$%ls %ls$-%ls="%ls"$D$Failed to allocate full command-line.$Failed to allocate parameters for unelevated process.$Failed to append %ls$Failed to append original command line.$Failed to cache to clean room.$Failed to get path for current process.$Failed to launch clean room process: %ls$Failed to wait for clean room process: %ls$burn.clean.room$burn.filehandle.attached$burn.filehandle.self$engine.cpp
                                                                                                    • API String ID: 3884789274-2391192076
                                                                                                    • Opcode ID: 54eecd6d883812396c92eb5d6028826b2217360f0dc80d51618bd3c77504b660
                                                                                                    • Instruction ID: 863fe88c7239df54a0f8c597359af36c336cbaab14ae626241a68e62ba6025f2
                                                                                                    • Opcode Fuzzy Hash: 54eecd6d883812396c92eb5d6028826b2217360f0dc80d51618bd3c77504b660
                                                                                                    • Instruction Fuzzy Hash: 0B718531D01229EADF219BA4CC41EEFBBBEAF04710F110116F914B7791DF705A028BA5

                                                                                                    Control-flow Graph

                                                                                                    [Control-flow graph not reproduced; first block at 006A7337.]
                                                                                                    Strings
                                                                                                    • Failed to initialize variables., xrefs: 006A737E
                                                                                                    • Failed to get manifest stream from container., xrefs: 006A73D9
                                                                                                    • Failed to open attached UX container., xrefs: 006A739B
                                                                                                    • Failed to set original source variable., xrefs: 006A7558
                                                                                                    • Failed to load manifest., xrefs: 006A73F5
                                                                                                    • WixBundleSourceProcessPath, xrefs: 006A74E6
                                                                                                    • Failed to initialize internal cache functionality., xrefs: 006A758D
                                                                                                    • Failed to parse command line., xrefs: 006A7474
                                                                                                    • WixBundleOriginalSource, xrefs: 006A7547
                                                                                                    • Failed to get source process folder from path., xrefs: 006A7513
                                                                                                    • Failed to set source process folder variable., xrefs: 006A7533
                                                                                                    • WixBundleSourceProcessFolder, xrefs: 006A7522
                                                                                                    • Failed to open manifest stream., xrefs: 006A73B8
                                                                                                    • Failed to load catalog files., xrefs: 006A75FD
                                                                                                    • Failed to extract bootstrapper application payloads., xrefs: 006A75DD
                                                                                                    • Failed to overwrite the %ls built-in variable., xrefs: 006A74C9
                                                                                                    • Failed to set source process path variable., xrefs: 006A74F7
                                                                                                    • Failed to get unique temporary folder for bootstrapper application., xrefs: 006A75BC
                                                                                                    • WixBundleElevated, xrefs: 006A74B3, 006A74C4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalInitializeSection
                                                                                                    • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath
                                                                                                    • API String ID: 32694325-252221001
                                                                                                    • Opcode ID: b82ba84fb5d6fd8b43dd6419d4d315c0ee7cdb855cc17bdef871312a2b2d285c
                                                                                                    • Instruction ID: 3fa62f5f409f57b78bc35688553da89659f65c19d490eddab2fba943e26b2e2c
                                                                                                    • Opcode Fuzzy Hash: b82ba84fb5d6fd8b43dd6419d4d315c0ee7cdb855cc17bdef871312a2b2d285c
                                                                                                    • Instruction Fuzzy Hash: 81917672D45A1ABBCB12AAA4CC41FEEB7AEBF05710F01422AF505E7241DB309E458FD4

                                                                                                    Control-flow Graph

                                                                                                    [Control-flow graph not reproduced; first block at 006A84C4.]
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,00694CB6,?,?,00000000,00694CB6,00000000), ref: 006A8507
                                                                                                    • GetLastError.KERNEL32 ref: 006A8514
                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,006DB4F0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006A86F6
                                                                                                    Strings
                                                                                                    • Failed to zero out original data offset., xrefs: 006A86E8
                                                                                                    • cache.cpp, xrefs: 006A8538, 006A85EF, 006A8656, 006A86C5
                                                                                                    • Failed to seek to checksum in exe header., xrefs: 006A85F9
                                                                                                    • msi.dll, xrefs: 006A8608
                                                                                                    • cabinet.dll, xrefs: 006A866F
                                                                                                    • Failed to seek to signature table in exe header., xrefs: 006A8660
                                                                                                    • Failed to seek to original data in exe burn section header., xrefs: 006A86CF
                                                                                                    • Failed to copy engine from: %ls to: %ls, xrefs: 006A859C
                                                                                                    • Failed to seek to beginning of engine file: %ls, xrefs: 006A856D
                                                                                                    • Failed to create engine file at path: %ls, xrefs: 006A8545
                                                                                                    • Failed to update signature offset., xrefs: 006A8615
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ChangeCloseCreateErrorFileFindLastNotification
                                                                                                    • String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cabinet.dll$cache.cpp$msi.dll
                                                                                                    • API String ID: 4091947256-1976062716
                                                                                                    • Opcode ID: 33305c22fa889695d26dfb15b2b2cc4a815efc333c0a03b80ee6f699932566e2
                                                                                                    • Instruction ID: d7ab2315a936d5cba139b5054f66caea2c48816f51f9149a34358b1a8fb4f6d2
                                                                                                    • Opcode Fuzzy Hash: 33305c22fa889695d26dfb15b2b2cc4a815efc333c0a03b80ee6f699932566e2
                                                                                                    • Instruction Fuzzy Hash: 6451CB72E41321BFFB516A658C46F7B369BEF05750F02112AFD00EB291EB608D019BE9

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(006A7378,006952B5,00000000,0069533D), ref: 00697523
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalInitializeSection
                                                                                                    • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleVersion
                                                                                                    • API String ID: 32694325-826827252
                                                                                                    • Opcode ID: 48903e19ce1f2fb9606878dac906171d5491a897cdbd372999f73faa88256366
                                                                                                    • Instruction ID: 79d566859bc35a5fd14518e7f9cc47a201e19709bc43d1db7da486fec8d64cfd
                                                                                                    • Opcode Fuzzy Hash: 48903e19ce1f2fb9606878dac906171d5491a897cdbd372999f73faa88256366
                                                                                                    • Instruction Fuzzy Hash: 1D3216B0C2527D8BDB65CF59898879DBEB9BB49B14F5081DBE10CAA311D7B10A84CF84

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00695381), ref: 006A8104
                                                                                                      • Part of subcall function 006D076C: OpenProcessToken.ADVAPI32(?,00000008,?,006952B5,00000000,?,?,?,?,?,?,?,006A74AB,00000000), ref: 006D078A
                                                                                                      • Part of subcall function 006D076C: GetLastError.KERNEL32(?,?,?,?,?,?,?,006A74AB,00000000), ref: 006D0794
                                                                                                      • Part of subcall function 006D076C: FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,006A74AB,00000000), ref: 006D081D
                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 006A812A
                                                                                                    • GetLastError.KERNEL32 ref: 006A8134
                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 006A81B1
                                                                                                    • GetLastError.KERNEL32 ref: 006A81BB
                                                                                                    Strings
                                                                                                    • Temp\, xrefs: 006A8189
                                                                                                    • Failed to ensure windows path for working folder ended in backslash., xrefs: 006A817F
                                                                                                    • cache.cpp, xrefs: 006A8158, 006A81DF, 006A8230
                                                                                                    • Failed to copy working folder path., xrefs: 006A827F
                                                                                                    • Failed to get temp path for working folder., xrefs: 006A81E9
                                                                                                    • %ls%ls\, xrefs: 006A824C
                                                                                                    • Failed to get windows path for working folder., xrefs: 006A8162
                                                                                                    • Failed to append bundle id on to temp path for working folder., xrefs: 006A8264
                                                                                                    • Failed to concat Temp directory on windows path for working folder., xrefs: 006A81A1
                                                                                                    • Failed to create working folder guid., xrefs: 006A8207
                                                                                                    • Failed to convert working folder guid into string., xrefs: 006A823A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$Process$ChangeCloseCurrentDirectoryFindNotificationOpenPathTempTokenWindows
                                                                                                    • String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp
                                                                                                    • API String ID: 58964441-819636856
                                                                                                    • Opcode ID: aa900e5db5a52938a282f3d2e7dbb51bd02858bc449c6ebcd374284dc452a7b7
                                                                                                    • Instruction ID: dd7838c6edb3b2cf3314d9426aa7a36200e4ea23d232568fea7db618218b7792
                                                                                                    • Opcode Fuzzy Hash: aa900e5db5a52938a282f3d2e7dbb51bd02858bc449c6ebcd374284dc452a7b7
                                                                                                    • Instruction Fuzzy Hash: E3413B72F41724BBEB60A6B5CC49FAB73AEAB01750F010156FD05E7140EA309E058AE5

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • CoInitializeEx.OLE32(00000000,00000000), ref: 006B0E65
                                                                                                    • CoUninitialize.OLE32 ref: 006B10D9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeUninitialize
                                                                                                    • String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                    • API String ID: 3442037557-1168358783
                                                                                                    • Opcode ID: ebd2ce582e4eb72083f29ac82c949c80b7371c524e21d88fc70bf29968ec2ec8
                                                                                                    • Instruction ID: e70d4c8492cfd63eb15c1651345cf6833599787a88115e23db8c5bd1b39608c8
                                                                                                    • Opcode Fuzzy Hash: ebd2ce582e4eb72083f29ac82c949c80b7371c524e21d88fc70bf29968ec2ec8
                                                                                                    • Instruction Fuzzy Hash: 2B516CB6E80361F7E73066A58D45EFB7A5B9B41760B13022AFC02BF380DA659CC187D5

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,0069515E,?,?,00000000,?,?), ref: 006941FE
                                                                                                    • InitializeCriticalSection.KERNEL32(000000D0,?,?,0069515E,?,?,00000000,?,?), ref: 00694207
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,0069515E,?,?,00000000,?,?), ref: 0069424D
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,0069515E,?,?,00000000,?,?), ref: 00694257
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,0069515E,?,?,00000000,?,?), ref: 0069426B
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,0069515E,?,?,00000000,?,?), ref: 0069427B
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,?,?,0069515E,?,?,00000000,?,?), ref: 006942CB
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,0069515E,?,?,00000000,?,?), ref: 006942D5
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,0069515E,?,?,00000000,?,?), ref: 006942E9
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,?,?,0069515E,?,?,00000000,?,?), ref: 006942F9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                                                                    • String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$engine.cpp
                                                                                                    • API String ID: 3039292287-3209860532
                                                                                                    • Opcode ID: cb2fc917e1fa595306dd92b074c912408344a08f1f0df1631f9b677f770e7eab
                                                                                                    • Instruction ID: 84a7617c0f58757c6d6bc792fde04fb5fe71192e5b10e80706f747e1c88e08b1
                                                                                                    • Opcode Fuzzy Hash: cb2fc917e1fa595306dd92b074c912408344a08f1f0df1631f9b677f770e7eab
                                                                                                    • Instruction Fuzzy Hash: 2D51B571E40215FFCB249B65DC46FAA776EEB05760F02011BF618D7390DB70A951C7A8

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,0069C319,006952FD,?,?,0069533D), ref: 0069C170
                                                                                                    • GetLastError.KERNEL32(?,0069C319,006952FD,?,?,0069533D,0069533D,00000000,?,00000000), ref: 0069C181
                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,0069C319,006952FD,?,?,0069533D,0069533D,00000000,?), ref: 0069C1D0
                                                                                                    • GetCurrentProcess.KERNEL32(000000FF,00000000,?,0069C319,006952FD,?,?,0069533D,0069533D,00000000,?,00000000), ref: 0069C1D6
                                                                                                    • DuplicateHandle.KERNELBASE(00000000,?,0069C319,006952FD,?,?,0069533D,0069533D,00000000,?,00000000), ref: 0069C1D9
                                                                                                    • GetLastError.KERNEL32(?,0069C319,006952FD,?,?,0069533D,0069533D,00000000,?,00000000), ref: 0069C1E3
                                                                                                    • SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,0069C319,006952FD,?,?,0069533D,0069533D,00000000,?,00000000), ref: 0069C235
                                                                                                    • GetLastError.KERNEL32(?,0069C319,006952FD,?,?,0069533D,0069533D,00000000,?,00000000), ref: 0069C23F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                                                    • String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp$crypt32.dll$feclient.dll
                                                                                                    • API String ID: 2619879409-373955632
                                                                                                    • Opcode ID: aee5a4a38522ffc2d6db05b404ccce026e368297c7abd5a1dfe2b7dfe6ad3a20
                                                                                                    • Instruction ID: eedaf607c57a7d08723fb697885929b673a4f3d18009c4cfb4ae8df85b730c22
                                                                                                    • Opcode Fuzzy Hash: aee5a4a38522ffc2d6db05b404ccce026e368297c7abd5a1dfe2b7dfe6ad3a20
                                                                                                    • Instruction Fuzzy Hash: A641CE72640301ABEB209F6A9C45F573BEBEF85760F12412AF919DB391DA31C901DBA4

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 1342 6d29b3-6d29d3 call 6937ea 1345 6d29d9-6d29e7 call 6d4932 1342->1345 1346 6d2af2-6d2af6 1342->1346 1350 6d29ec-6d2af1 GetProcAddress * 7 1345->1350 1348 6d2af8-6d2afb call 6d54ef 1346->1348 1349 6d2b00-6d2b06 1346->1349 1348->1349 1350->1346
                                                                                                    APIs
                                                                                                      • Part of subcall function 006937EA: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00693829
                                                                                                      • Part of subcall function 006937EA: GetLastError.KERNEL32 ref: 00693833
                                                                                                      • Part of subcall function 006D4932: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 006D495A
                                                                                                    • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 006D29FD
                                                                                                    • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 006D2A20
                                                                                                    • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 006D2A43
                                                                                                    • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 006D2A66
                                                                                                    • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 006D2A89
                                                                                                    • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 006D2AAC
                                                                                                    • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 006D2ACF
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$ErrorLast$DirectorySystem
                                                                                                    • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                                                                    • API String ID: 2510051996-1735120554
                                                                                                    • Opcode ID: 0cac6982c34d59992c8ccbb196faca2314977e9e05eac77f360e2ca1f1c8afec
                                                                                                    • Instruction ID: 239a970d74e34d9e3e7042e9d5536d70cf8b9a83f24069641332a0ff138543d8
                                                                                                    • Opcode Fuzzy Hash: 0cac6982c34d59992c8ccbb196faca2314977e9e05eac77f360e2ca1f1c8afec
                                                                                                    • Instruction Fuzzy Hash: 1131E9B0A45218AFDB58DF25EC62A393BFBFB45704741752EF50AD22A0E7B19900DF40
                                                                                                    APIs
                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,0069C285,?,00000000,?,0069C319), ref: 006B14BB
                                                                                                    • GetLastError.KERNEL32(?,0069C285,?,00000000,?,0069C319,006952FD,?,?,0069533D,0069533D,00000000,?,00000000), ref: 006B14C4
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CreateErrorEventLast
                                                                                                    • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp$wininet.dll
                                                                                                    • API String ID: 545576003-938279966
                                                                                                    • Opcode ID: ae1a55308957173630c2dc301af56f378de9766f72498d2febd3afc10e766705
                                                                                                    • Instruction ID: 8b8f9c9f6dd832a93d3649b5e2702f8192ae82b731b930822ffaa3a43ac012ad
                                                                                                    • Opcode Fuzzy Hash: ae1a55308957173630c2dc301af56f378de9766f72498d2febd3afc10e766705
                                                                                                    • Instruction Fuzzy Hash: CC2108F2A41735BAF72056BA5C51FA72ADFEB44790F030226BC05EB680D660DD4146F5
                                                                                                    APIs
                                                                                                    • GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 006CFBD5
                                                                                                    • GetProcAddress.KERNEL32(SystemFunction041), ref: 006CFBE7
                                                                                                    • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 006CFC2A
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 006CFC3E
                                                                                                    • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 006CFC76
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 006CFC8A
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$ErrorLast
                                                                                                    • String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$cryputil.cpp
                                                                                                    • API String ID: 4214558900-3191127217
                                                                                                    • Opcode ID: b498e62f39f74c2fdb9399753c9986be5a57e5a986d8e55b60bd224bec23e853
                                                                                                    • Instruction ID: 4f32e4ea8ae0f6380d5c470bdd5ebc34bc5c4b2644d273110345acaacc645c6e
                                                                                                    • Opcode Fuzzy Hash: b498e62f39f74c2fdb9399753c9986be5a57e5a986d8e55b60bd224bec23e853
                                                                                                    • Instruction Fuzzy Hash: D4219F75B4032A9AE7216F2AED04F777AD7EB10740F02313AFD10EA660E7688C01DA94
                                                                                                    APIs
                                                                                                    • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 006B0657
                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 006B066F
                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 006B0674
                                                                                                    • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 006B0677
                                                                                                    • GetLastError.KERNEL32(?,?), ref: 006B0681
                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 006B06F0
                                                                                                    • GetLastError.KERNEL32(?,?), ref: 006B06FD
                                                                                                    Strings
                                                                                                    • Failed to open cabinet file: %hs, xrefs: 006B072E
                                                                                                    • <the>.cab, xrefs: 006B0650
                                                                                                    • Failed to duplicate handle to cab container., xrefs: 006B06AF
                                                                                                    • cabextract.cpp, xrefs: 006B06A5, 006B0721
                                                                                                    • Failed to add virtual file pointer for cab container., xrefs: 006B06D6
                                                                                                    Similarity
                                                                                                    • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                    • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                                                    • API String ID: 3030546534-3446344238
                                                                                                    • Opcode ID: 79d10a03980ce4d110dd0fb7d9aa96d952ddd9d0b9a4b5480f0f60432d835c6e
                                                                                                    • Instruction ID: 64c063c71797c28de606d67724437ae56d5337b066887fa33f2be3cebe3bff15
                                                                                                    • Opcode Fuzzy Hash: 79d10a03980ce4d110dd0fb7d9aa96d952ddd9d0b9a4b5480f0f60432d835c6e
                                                                                                    • Instruction Fuzzy Hash: B431C8B2D42725FBEB205BA68C49E9B7F9EEF08750F120116FD04E7650D7209D5187E4
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(000000FF,00000000,00000001,00000002,?,00000000,?,?,00694D0B,?,?), ref: 006A6879
                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,?,00694D0B,?,?), ref: 006A687F
                                                                                                    • DuplicateHandle.KERNELBASE(00000000,?,?,00694D0B,?,?), ref: 006A6882
                                                                                                    • GetLastError.KERNEL32(?,?,00694D0B,?,?), ref: 006A688C
                                                                                                    • CloseHandle.KERNEL32(000000FF,?,00694D0B,?,?), ref: 006A6905
                                                                                                    Strings
                                                                                                    • core.cpp, xrefs: 006A68B0
                                                                                                    • Failed to duplicate file handle for attached container., xrefs: 006A68BA
                                                                                                    • burn.filehandle.attached, xrefs: 006A68D2
                                                                                                    • Failed to append the file handle to the command line., xrefs: 006A68ED
                                                                                                    • %ls -%ls=%u, xrefs: 006A68D9
                                                                                                    Similarity
                                                                                                    • API ID: CurrentHandleProcess$CloseDuplicateErrorLast
                                                                                                    • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to duplicate file handle for attached container.$burn.filehandle.attached$core.cpp
                                                                                                    • API String ID: 4224961946-4196573879
                                                                                                    • Opcode ID: 8da09c1ce58c6b6a7e7ddc501f64905fa867f973392c7f2a443b4d8a26cd9556
                                                                                                    • Instruction ID: f84df02c192a8e255540944705a939e2d4bf7d8dd3064b9d5aa88cc933665c27
                                                                                                    • Opcode Fuzzy Hash: 8da09c1ce58c6b6a7e7ddc501f64905fa867f973392c7f2a443b4d8a26cd9556
                                                                                                    • Instruction Fuzzy Hash: AC11D631E01329FBDB10ABB99D05A9F7BAEAF05B30F110216F921E72D0D7758D019AA0
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNELBASE(?,80000000,00000005,?,00000003,00000080,00000000,?,00000000,?,?,?), ref: 006A694B
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 006A69BB
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateFileHandle
                                                                                                    • String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to append the file handle to the obfuscated command line.$burn.filehandle.self
                                                                                                    • API String ID: 3498533004-3263533295
                                                                                                    • Opcode ID: 93b9fe33a9c37bc32fdccd7dd31c2db348a446b541e3aebfed51bacd172e9482
                                                                                                    • Instruction ID: 7bf373650e3d33ca651f1a04084f761e9ad6d1015ba318e490491d93aeb13b92
                                                                                                    • Opcode Fuzzy Hash: 93b9fe33a9c37bc32fdccd7dd31c2db348a446b541e3aebfed51bacd172e9482
                                                                                                    • Instruction Fuzzy Hash: 46115B32A01325BBCB206A69DC05F9B7BAEDB46B30F060325FD25EB2E1D7705C018A91
                                                                                                    APIs
                                                                                                    • OpenProcessToken.ADVAPI32(?,00000008,?,006952B5,00000000,?,?,?,?,?,?,?,006A74AB,00000000), ref: 006D078A
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,006A74AB,00000000), ref: 006D0794
                                                                                                    • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,006A74AB,00000000), ref: 006D07C6
                                                                                                    • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,006A74AB,00000000), ref: 006D081D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Token$ChangeCloseErrorFindInformationLastNotificationOpenProcess
                                                                                                    • String ID: procutil.cpp
                                                                                                    • API String ID: 2387526074-1178289305
                                                                                                    APIs
                                                                                                    • CoInitialize.OLE32(00000000), ref: 006D344A
                                                                                                    • InterlockedIncrement.KERNEL32(006FB6D8), ref: 006D3467
                                                                                                    • CLSIDFromProgID.OLE32(Msxml2.DOMDocument,006FB6C8,?,?,?,?,?,?), ref: 006D3482
                                                                                                    • CLSIDFromProgID.OLE32(MSXML.DOMDocument,006FB6C8,?,?,?,?,?,?), ref: 006D348E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FromProg$IncrementInitializeInterlocked
                                                                                                    • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                                                    • API String ID: 2109125048-2356320334
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 006D495A
                                                                                                    • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 006D4989
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 006D49B3
                                                                                                    • GetLastError.KERNEL32(00000000,006DB790,?,?,?,00000000,00000000,00000000), ref: 006D49F4
                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 006D4A28
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$Global$AllocFree
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 1145190524-2967768451
                                                                                                    APIs
                                                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 006B088A
                                                                                                    • GetLastError.KERNEL32(?,?,?), ref: 006B0894
                                                                                                    Strings
                                                                                                    • Invalid seek type., xrefs: 006B0820
                                                                                                    • Failed to move file pointer 0x%x bytes., xrefs: 006B08C5
                                                                                                    • cabextract.cpp, xrefs: 006B08B8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                    • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                                                    • API String ID: 2976181284-417918914
                                                                                                    APIs
                                                                                                    • CreateDirectoryW.KERNELBASE(0069533D,006953B5,00000000,00000000,?,006A9EE4,00000000,00000000,0069533D,00000000,006952B5,00000000,?,=Si,0069D4AC,=Si), ref: 00694021
                                                                                                    • GetLastError.KERNEL32(?,006A9EE4,00000000,00000000,0069533D,00000000,006952B5,00000000,?,=Si,0069D4AC,=Si,00000000,00000000), ref: 0069402F
                                                                                                    • CreateDirectoryW.KERNEL32(0069533D,006953B5,00695381,?,006A9EE4,00000000,00000000,0069533D,00000000,006952B5,00000000,?,=Si,0069D4AC,=Si,00000000), ref: 00694097
                                                                                                    • GetLastError.KERNEL32(?,006A9EE4,00000000,00000000,0069533D,00000000,006952B5,00000000,?,=Si,0069D4AC,=Si,00000000,00000000), ref: 006940A1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                    • String ID: dirutil.cpp
                                                                                                    • API String ID: 1375471231-2193988115
                                                                                                    APIs
                                                                                                    • WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,00694E16,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 006D0927
                                                                                                    • GetLastError.KERNEL32(?,?,00694E16,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 006D0935
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastObjectSingleWait
                                                                                                    • String ID: procutil.cpp
                                                                                                    • API String ID: 1211598281-1178289305
                                                                                                    APIs
                                                                                                    • CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,00695137,00000000,?), ref: 00691247
                                                                                                    • GetLastError.KERNEL32(?,?,?,00695137,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00691251
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ArgvCommandErrorLastLine
                                                                                                    • String ID: apputil.cpp$ignored
                                                                                                    • API String ID: 3459693003-568828354
                                                                                                    APIs
                                                                                                      • Part of subcall function 006B114F: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,006B077D,?,?,?), ref: 006B1177
                                                                                                      • Part of subcall function 006B114F: GetLastError.KERNEL32(?,006B077D,?,?,?), ref: 006B1181
                                                                                                    • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 006B078B
                                                                                                    • GetLastError.KERNEL32 ref: 006B0795
                                                                                                    Strings
                                                                                                    • Failed to read during cabinet extraction., xrefs: 006B07C3
                                                                                                    • cabextract.cpp, xrefs: 006B07B9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLast$PointerRead
                                                                                                    • String ID: Failed to read during cabinet extraction.$cabextract.cpp
                                                                                                    • API String ID: 2170121939-2426083571
                                                                                                    APIs
                                                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,006B077D,?,?,?), ref: 006B1177
                                                                                                    • GetLastError.KERNEL32(?,006B077D,?,?,?), ref: 006B1181
                                                                                                    Strings
                                                                                                    • Failed to move to virtual file pointer., xrefs: 006B11AF
                                                                                                    • cabextract.cpp, xrefs: 006B11A5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                    • String ID: Failed to move to virtual file pointer.$cabextract.cpp
                                                                                                    • API String ID: 2976181284-3005670968
                                                                                                    APIs
                                                                                                    • ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 006D3E5E
                                                                                                    • GetLastError.KERNEL32 ref: 006D3EC1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastRead
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 1948546556-2967768451
                                                                                                    APIs
                                                                                                    • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,00691104,?,?,00000000), ref: 0069503A
                                                                                                    • CompareStringW.KERNELBASE(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,00691104,?,?,00000000), ref: 0069506A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CompareStringlstrlen
                                                                                                    • String ID: burn.clean.room
                                                                                                    • API String ID: 1433953587-3055529264
                                                                                                    APIs
                                                                                                    • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,006D3E85,?,?,?), ref: 006D4D12
                                                                                                    • GetLastError.KERNEL32(?,?,006D3E85,?,?,?), ref: 006D4D1C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 442123175-2967768451
                                                                                                    APIs
                                                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,006A8564,00000000,00000000,00000000,00000000,00000000), ref: 006D47EB
                                                                                                    • GetLastError.KERNEL32(?,?,?,006A8564,00000000,00000000,00000000,00000000,00000000), ref: 006D47F5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 2976181284-2967768451
                                                                                                    APIs
                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00693829
                                                                                                    • GetLastError.KERNEL32 ref: 00693833
                                                                                                    • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 0069389B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: DirectoryErrorLastLibraryLoadSystem
                                                                                                    • String ID:
                                                                                                    • API String ID: 1230559179-0
                                                                                                    APIs
                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00693B34,00000000,?,00691472,00000000,80004005,00000000,80004005,00000000,000001C7,?,006913B7), ref: 006939A3
                                                                                                    • RtlFreeHeap.NTDLL(00000000,?,00693B34,00000000,?,00691472,00000000,80004005,00000000,80004005,00000000,000001C7,?,006913B7,000001C7,00000100), ref: 006939AA
                                                                                                    • GetLastError.KERNEL32(?,00693B34,00000000,?,00691472,00000000,80004005,00000000,80004005,00000000,000001C7,?,006913B7,000001C7,00000100,?), ref: 006939B4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Heap$ErrorFreeLastProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 406640338-0
                                                                                                    APIs
                                                                                                    • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Open
                                                                                                    • String ID: regutil.cpp
                                                                                                    • API String ID: 71445658-955085611
                                                                                                    APIs
                                                                                                    • VariantInit.OLEAUT32(?), ref: 006D34CE
                                                                                                      • Part of subcall function 006D2F23: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,006D34DF,00000000,?,00000000), ref: 006D2F3D
                                                                                                      • Part of subcall function 006D2F23: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,006BBDED,?,006952FD,?,00000000,?), ref: 006D2F49
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorHandleInitLastModuleVariant
                                                                                                    • String ID:
                                                                                                    • API String ID: 52713655-0
                                                                                                    APIs
                                                                                                    • RegCloseKey.ADVAPI32(80070490,00000000,80070490,006FAAA0,00000000,80070490,00000000,?,006A890E,WiX\Burn,PackageCache,00000000,006FAAA0,00000000,00000000,80070490), ref: 006D5782
                                                                                                      • Part of subcall function 006D0F6E: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 006D0FE4
                                                                                                      • Part of subcall function 006D0F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 006D101F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$Close
                                                                                                    • String ID:
                                                                                                    • API String ID: 1979452859-0
                                                                                                    APIs
                                                                                                    • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,006A89CA,0000001C,80070490,00000000,00000000,80070490), ref: 006934E5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: FolderPath
                                                                                                    • String ID:
                                                                                                    • API String ID: 1514166925-0
                                                                                                    • Opcode ID: 3e8684b939bf28293eb8d6ead38059f05e835d4b8a6d4bc0f5a03041d7d86f75
                                                                                                    • Instruction ID: ebb0f35773988e9a3010701777cf6bc99a7f8c7f022bb91aee43ef2e000e1390
                                                                                                    • Opcode Fuzzy Hash: 3e8684b939bf28293eb8d6ead38059f05e835d4b8a6d4bc0f5a03041d7d86f75
                                                                                                    • Instruction Fuzzy Hash: 6EE0C2722012257BAF022E625C05CEB3BCEDF057507028015FE00D6500EA20E90092B4
                                                                                                    APIs
                                                                                                    • FreeLibrary.KERNELBASE(00000000,00000000,0069547B,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 006D2DDD
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FreeLibrary
                                                                                                    • String ID:
                                                                                                    • API String ID: 3664257935-0
                                                                                                    • Opcode ID: 1f8845912a184ae0b338c21e7c3b0736b4b0e3d85fddd8a3e637098f9f858b33
                                                                                                    • Instruction ID: 7e19219c83c6d2c395dadbb799011293375f9d3d04b01b09644c2b283215e044
                                                                                                    • Opcode Fuzzy Hash: 1f8845912a184ae0b338c21e7c3b0736b4b0e3d85fddd8a3e637098f9f858b33
                                                                                                    • Instruction Fuzzy Hash: D0E0FEF592A2399A8B108F59FD445627BBEBB19B41312B65FF400C23A4C3B08440CF90
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 006CF35B
                                                                                                      • Part of subcall function 006D9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006D9891
                                                                                                      • Part of subcall function 006D9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006D98A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    • Opcode ID: a4c74ae3cd25cf5bde3f96662a268926558dd1587eb690da605744b3c1e93fd1
                                                                                                    • Instruction ID: f0fcd8454add05e4e826dfe231ae9fe4bf3d8e4ddc3d4389d317e7a419429bd6
                                                                                                    • Opcode Fuzzy Hash: a4c74ae3cd25cf5bde3f96662a268926558dd1587eb690da605744b3c1e93fd1
                                                                                                    • Instruction Fuzzy Hash: 91B012E16684097D328453541D03D36014FC1C2F20335C43FB618C6144ECC40C061032
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 006CF35B
                                                                                                      • Part of subcall function 006D9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006D9891
                                                                                                      • Part of subcall function 006D9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006D98A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    • Opcode ID: e90659f0f069cdf357522b81537779764103ae034e57eb972cbc923ad105792d
                                                                                                    • Instruction ID: 67f154e241ca6df16d3db840a8a2e69a795accf5b367063575622b5e736bd0c2
                                                                                                    • Opcode Fuzzy Hash: e90659f0f069cdf357522b81537779764103ae034e57eb972cbc923ad105792d
                                                                                                    • Instruction Fuzzy Hash: 86B012E16685097C328453541C02D36014FC1C2F20335C53FF618C6140ECC01C451032
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 006CF35B
                                                                                                      • Part of subcall function 006D9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006D9891
                                                                                                      • Part of subcall function 006D9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006D98A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    • Opcode ID: 590e07e135deae993574e62b15702dbb60e5870ab48fa93fb211e1bb6aab455f
                                                                                                    • Instruction ID: 25f70bf2f293aaaa9d2d9791b57affdf5e42a2b75c84e6237d75ab7ef7f1b8b1
                                                                                                    • Opcode Fuzzy Hash: 590e07e135deae993574e62b15702dbb60e5870ab48fa93fb211e1bb6aab455f
                                                                                                    • Instruction Fuzzy Hash: 4AB012E26684097C324413506C02C36020FC1C2F24335C43FBB14D5040ECC40D051032
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 006D94E7
                                                                                                      • Part of subcall function 006D9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006D9891
                                                                                                      • Part of subcall function 006D9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006D98A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    • Opcode ID: 7d7452ed297d242dcf03033b6c2371b91919d3b737a6867167707e0f4a55fe43
                                                                                                    • Instruction ID: 7c494c099d84608b7900c87c94006a90e7f777666aab699e9a8b708098336c6e
                                                                                                    • Opcode Fuzzy Hash: 7d7452ed297d242dcf03033b6c2371b91919d3b737a6867167707e0f4a55fe43
                                                                                                    • Instruction Fuzzy Hash: A0B012D6B784066C338466581C03C36018FC5C2F11331C57FB704C3382FC800C0A1032
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 006D94E7
                                                                                                      • Part of subcall function 006D9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006D9891
                                                                                                      • Part of subcall function 006D9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006D98A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    • Opcode ID: 14c7462aec59d815b704edab2f7df70bee3591835d97fbdcbef790b49e170049
                                                                                                    • Instruction ID: 13720e67592d09c5ff1ffaa7e695f7e8e068e885ef44098eb9cfbcf120f983f4
                                                                                                    • Opcode Fuzzy Hash: 14c7462aec59d815b704edab2f7df70bee3591835d97fbdcbef790b49e170049
                                                                                                    • Instruction Fuzzy Hash: 06B012D5B785097C334426541C42C36010FD9C3F10331C57FB300E2386BC800C061033
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 006D94E7
                                                                                                      • Part of subcall function 006D9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 006D9891
                                                                                                      • Part of subcall function 006D9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 006D98A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 1269201914-0
                                                                                                    • Opcode ID: 31a2e993ba3602764d2236bd749837cfe6b8f50e6f8d61f93e42fb599611b4d5
                                                                                                    • Instruction ID: 31988b335819e01bb3602a2f625a547293c2ec0568a0f328a51f4230e69aa8a1
                                                                                                    • Opcode Fuzzy Hash: 31a2e993ba3602764d2236bd749837cfe6b8f50e6f8d61f93e42fb599611b4d5
                                                                                                    • Instruction Fuzzy Hash: E3B09295A686056C228466942A02836014AC9C2F10321856BB204D2382A8800C061032
                                                                                                    APIs
                                                                                                    • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,006921B8,?,00000000,?,00000000,?,006938BD,00000000,?,00000104), ref: 006914E4
                                                                                                      • Part of subcall function 00693B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,006921DC,000001C7,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 00693B59
                                                                                                      • Part of subcall function 00693B51: HeapSize.KERNEL32(00000000,?,006921DC,000001C7,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 00693B60
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$ProcessSizelstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 3492610842-0
                                                                                                    • Opcode ID: 658210014062d8f3121b804e1806eeedd479fc6c4f13ae98b2eeb1c6b2035f44
                                                                                                    • Instruction ID: 2cfef923299ae025e6004d340241ca2a0b2289067edc08deec2ad46ca5cb7310
                                                                                                    • Opcode Fuzzy Hash: 658210014062d8f3121b804e1806eeedd479fc6c4f13ae98b2eeb1c6b2035f44
                                                                                                    • Instruction Fuzzy Hash: E201687720021AAFCF215E14CC40FDA779FAF46B60F328229FA259F960D731EC118694
                                                                                                    APIs
                                                                                                    • SysFreeString.OLEAUT32(?), ref: 0069B01A
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,006DCA64,000000FF,DirectorySearch,000000FF,006DCA64,Condition,feclient.dll,006DCA64,Variable,?,006DCA64,006DCA64,?,?), ref: 0069A927
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,006DB4C0), ref: 0069A97C
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,path,000000FF), ref: 0069A998
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,FileSearch,000000FF), ref: 0069A9BC
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Type,?,?,Path,006DB4C0), ref: 0069AA0F
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 0069AA29
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,RegistrySearch,000000FF), ref: 0069AA51
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCR,000000FF,?,Root,?), ref: 0069AA8F
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKCU,000000FF), ref: 0069AAAE
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,HKLM,000000FF), ref: 0069AACD
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exists,000000FF,?,Win64,msi.dll,?,Type,?,?,Value,version.dll,?), ref: 0069AB8B
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,value,000000FF), ref: 0069ABA5
                                                                                                      • Part of subcall function 006D31C7: VariantInit.OLEAUT32(?), ref: 006D31DD
                                                                                                      • Part of subcall function 006D31C7: SysAllocString.OLEAUT32(?), ref: 006D31F9
                                                                                                      • Part of subcall function 006D31C7: VariantClear.OLEAUT32(?), ref: 006D3280
                                                                                                      • Part of subcall function 006D31C7: SysFreeString.OLEAUT32(00000000), ref: 006D328B
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,numeric,000000FF,?,VariableType,?,?,ExpandEnvironment,cabinet.dll), ref: 0069AC04
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,string,000000FF), ref: 0069AC26
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 0069AC46
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,directory,000000FF), ref: 0069AD1E
                                                                                                    • SysFreeString.OLEAUT32(?), ref: 0069AEFC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String$Compare$Free$HeapVariant$AllocAllocateClearInitProcess
                                                                                                    • String ID: =Si$ComponentId$Condition$DirectorySearch$DirectorySearch|FileSearch|RegistrySearch|MsiComponentSearch|MsiProductSearch|MsiFeatureSearch$ExpandEnvironment$Failed to allocate memory for search structs.$Failed to get @ComponentId.$Failed to get @Condition.$Failed to get @ExpandEnvironment.$Failed to get @FeatureId.$Failed to get @Id.$Failed to get @Path.$Failed to get @ProductCode or @UpgradeCode.$Failed to get @ProductCode.$Failed to get @Root.$Failed to get @Type.$Failed to get @UpgradeCode.$Failed to get @Variable.$Failed to get @VariableType.$Failed to get Key attribute.$Failed to get Value attribute.$Failed to get Win64 attribute.$Failed to get next node.$Failed to get search node count.$Failed to select search nodes.$FeatureId$FileSearch$HKCR$HKCU$HKLM$HKU$Invalid value for @Root: %ls$Invalid value for @Type: %ls$Invalid value for @VariableType: %ls$Key$MsiComponentSearch$MsiFeatureSearch$MsiProductSearch$Path$ProductCode$RegistrySearch$Root$Type$Unexpected element name: %ls$UpgradeCode$Value$Variable$VariableType$Win64$assignment$cabinet.dll$comres.dll$directory$exists$feclient.dll$keyPath$language$msi.dll$numeric$path$search.cpp$state$string$value$version$version.dll$wininet.dll
                                                                                                    APIs
                                                                                                    • InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 006D166B
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 006D1675
                                                                                                    • CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 006D16C2
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 006D16C8
                                                                                                    • CreateWellKnownSid.ADVAPI32(00000017,00000000,?,?), ref: 006D1702
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 006D1708
                                                                                                    • CreateWellKnownSid.ADVAPI32(00000018,00000000,?,?), ref: 006D1748
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 006D174E
                                                                                                    • CreateWellKnownSid.ADVAPI32(00000010,00000000,?,?), ref: 006D178E
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 006D1794
                                                                                                    • CreateWellKnownSid.ADVAPI32(00000016,00000000,?,?), ref: 006D17D4
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 006D17DA
                                                                                                    • SetEntriesInAclA.ADVAPI32(00000005,?,00000000,?), ref: 006D18BD
                                                                                                    • LocalFree.KERNEL32(?), ref: 006D19DC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CreateKnownWell$DescriptorEntriesFreeInitializeLocalSecurity
                                                                                                    • String ID: srputil.cpp
                                                                                                    Strings
                                                                                                    • Failed to allocate memory for dependency providers., xrefs: 006BC481
                                                                                                    • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 006BC186
                                                                                                    • Failed to copy key for pseudo bundle., xrefs: 006BC30A
                                                                                                    • Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 006BC14D
                                                                                                    • Failed to copy filename for pseudo bundle., xrefs: 006BC1DF
                                                                                                    • Failed to copy version for pseudo bundle., xrefs: 006BC4D0
                                                                                                    • Failed to copy install arguments for related bundle package, xrefs: 006BC34C
                                                                                                    • pseudobundle.cpp, xrefs: 006BC141, 006BC17A, 006BC269, 006BC475
                                                                                                    • Failed to copy key for pseudo bundle payload., xrefs: 006BC1BB
                                                                                                    • Failed to copy download source for pseudo bundle., xrefs: 006BC231
                                                                                                    • Failed to copy repair arguments for related bundle package, xrefs: 006BC398
                                                                                                    • -%ls, xrefs: 006BC114
                                                                                                    • Failed to append relation type to install arguments for related bundle package, xrefs: 006BC371
                                                                                                    • Failed to append relation type to uninstall arguments for related bundle package, xrefs: 006BC40C
                                                                                                    • Failed to copy uninstall arguments for related bundle package, xrefs: 006BC3EB
                                                                                                    • Failed to copy display name for pseudo bundle., xrefs: 006BC4F2
                                                                                                    • Failed to copy cache id for pseudo bundle., xrefs: 006BC327
                                                                                                    • Failed to append relation type to repair arguments for related bundle package, xrefs: 006BC3B9
                                                                                                    • Failed to copy local source path for pseudo bundle., xrefs: 006BC203
                                                                                                    • Failed to allocate memory for pseudo bundle payload hash., xrefs: 006BC275
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$AllocateProcess
                                                                                                    • String ID: -%ls$Failed to allocate memory for dependency providers.$Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of related bundle struct$Failed to allocate space for burn payload inside of related bundle struct$Failed to append relation type to install arguments for related bundle package$Failed to append relation type to repair arguments for related bundle package$Failed to append relation type to uninstall arguments for related bundle package$Failed to copy cache id for pseudo bundle.$Failed to copy display name for pseudo bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy install arguments for related bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy key for pseudo bundle.$Failed to copy local source path for pseudo bundle.$Failed to copy repair arguments for related bundle package$Failed to copy uninstall arguments for related bundle package$Failed to copy version for pseudo bundle.$pseudobundle.cpp
                                                                                                    APIs
                                                                                                      • Part of subcall function 0069D39D: EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,006A6E4B,000000B8,00000000,?,00000000,75A8B390), ref: 0069D3AC
                                                                                                      • Part of subcall function 0069D39D: InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 0069D3BB
                                                                                                      • Part of subcall function 0069D39D: LeaveCriticalSection.KERNEL32(000000D0,?,006A6E4B,000000B8,00000000,?,00000000,75A8B390), ref: 0069D3D0
                                                                                                    • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000000,00000001,00000000), ref: 006A6D9A
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 006A6DA3
                                                                                                    • CloseHandle.KERNEL32(@Gi,?,00000000,?,00000000,00000001,00000000), ref: 006A6DC0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseCriticalHandleSection$CompareEnterExchangeInterlockedLeaveMutexRelease
                                                                                                    • String ID: @Gi$Another per-machine setup is already executing.$Another per-user setup is already executing.$Engine cannot start apply because it is busy with another action.$Failed to cache engine to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to register bundle.$Failed to set initial apply variables.$Failed while caching, aborting execution.$UX aborted apply begin.$core.cpp$crypt32.dll
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(00000020,?,00000001,00000000,?,?,?,?,?,?,?), ref: 00694512
                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00694519
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00694523
                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00694573
                                                                                                    • GetLastError.KERNEL32 ref: 0069457D
                                                                                                    • CloseHandle.KERNEL32(?), ref: 00694677
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastProcess$CloseCurrentHandleLookupOpenPrivilegeTokenValue
                                                                                                    • String ID: Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$SeShutdownPrivilege$engine.cpp
                                                                                                    APIs
                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,?,00000000), ref: 006A4D16
                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,0069442A,?), ref: 006A4D1F
                                                                                                    • CreateNamedPipeW.KERNEL32(000000FF,00080003,00000000,00000001,00010000,00010000,00000001,?,?,00000000,?,?,0069442A,?), ref: 006A4DC0
                                                                                                    • GetLastError.KERNEL32(?,0069442A,?), ref: 006A4DCD
                                                                                                    • CloseHandle.KERNEL32(00000000,pipe.cpp,00000132,00000000,?,?,?,?,?,?,?,0069442A,?), ref: 006A4E93
                                                                                                    • LocalFree.KERNEL32(00000000,?,0069442A,?), ref: 006A4EC1
                                                                                                    Strings
                                                                                                    • Failed to allocate full name of pipe: %ls, xrefs: 006A4D8D
                                                                                                    • \\.\pipe\%ls, xrefs: 006A4D77
                                                                                                    • Failed to create pipe: %ls, xrefs: 006A4DFE, 006A4E84
                                                                                                    • pipe.cpp, xrefs: 006A4D43, 006A4DF1, 006A4E77
                                                                                                    • Failed to create the security descriptor for the connection event and pipe., xrefs: 006A4D4D
                                                                                                    • D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD), xrefs: 006A4D11
                                                                                                    • Failed to allocate full name of cache pipe: %ls, xrefs: 006A4E2A
                                                                                                    • \\.\pipe\%ls.Cache, xrefs: 006A4E14
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DescriptorErrorLastSecurity$CloseConvertCreateFreeHandleLocalNamedPipeString
                                                                                                    • String ID: D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
                                                                                                    APIs
                                                                                                    • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000003,F0000040,00000003,00000000,00000000,006A9CFF,00000003,000007D0,00000003,?,000007D0,00000000,000007D0), ref: 006CF9C6
                                                                                                    • GetLastError.KERNEL32 ref: 006CF9D0
                                                                                                    • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 006CFA0D
                                                                                                    • GetLastError.KERNEL32 ref: 006CFA17
                                                                                                    • CryptDestroyHash.ADVAPI32(00000000), ref: 006CFAC9
                                                                                                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 006CFAE0
                                                                                                    • GetLastError.KERNEL32 ref: 006CFAFB
                                                                                                    • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 006CFB33
                                                                                                    • GetLastError.KERNEL32 ref: 006CFB3D
                                                                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00008004,00000001), ref: 006CFB76
                                                                                                    • GetLastError.KERNEL32 ref: 006CFB84
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CryptErrorLast$Hash$Context$AcquireCreateDestroyFileParamPointerRelease
                                                                                                    • String ID: cryputil.cpp
                                                                                                    • API String ID: 1716956426-2185294990
                                                                                                    • Opcode ID: f0e430329d340b499f3e04be19c19ea52a7fb9cf52d7b783845f32f9c69c3963
                                                                                                    • Instruction ID: fb4def29455e9a8ab71e534095532cd93803b117f240607d97222609bba4ceea
                                                                                                    • Opcode Fuzzy Hash: f0e430329d340b499f3e04be19c19ea52a7fb9cf52d7b783845f32f9c69c3963
                                                                                                    • Instruction Fuzzy Hash: 4B517832E41264EBEB319BA58C04FEB77EAEB08751F01416ABE4DE6150D7748D809BE4
                                                                                                    Strings
                                                                                                    • Failed to transfer working path to unverified path for payload: %ls., xrefs: 006A9D9F
                                                                                                    • Failed to reset permissions on unverified cached payload: %ls, xrefs: 006A9DEC
                                                                                                    • Failed to find payload: %ls in working path: %ls and unverified path: %ls, xrefs: 006A9DC6
                                                                                                    • Failed to move verified file to complete payload path: %ls, xrefs: 006A9E68
                                                                                                    • Failed to get cached path for package with cache id: %ls, xrefs: 006A9CC3
                                                                                                    • copying, xrefs: 006A9E27
                                                                                                    • moving, xrefs: 006A9E2C, 006A9E34
                                                                                                    • Failed to concat complete cached path., xrefs: 006A9CEF
                                                                                                    • Failed to create unverified path., xrefs: 006A9D69
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Failed to concat complete cached path.$Failed to create unverified path.$Failed to find payload: %ls in working path: %ls and unverified path: %ls$Failed to get cached path for package with cache id: %ls$Failed to move verified file to complete payload path: %ls$Failed to reset permissions on unverified cached payload: %ls$Failed to transfer working path to unverified path for payload: %ls.$copying$moving
                                                                                                    • API String ID: 0-1289240508
                                                                                                    • Opcode ID: e60f8b47e2bd11e8cc6ec702c162b3f7509ea9c4c1b6969c6a6aca6d05e02361
                                                                                                    • Instruction ID: 2271848e0f39002ae406f7f5de48d23e54efc14e02ff67ad877c0696a9e5b9bf
                                                                                                    • Opcode Fuzzy Hash: e60f8b47e2bd11e8cc6ec702c162b3f7509ea9c4c1b6969c6a6aca6d05e02361
                                                                                                    • Instruction Fuzzy Hash: 14518131D41619FBDF227B94CC02F9DBA77AF15300F21406AF90075261EB724EA0AFA5
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(006FB60C,00000000,?,?,?,?,006B1014,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 006CFDF0
                                                                                                    • GetCurrentProcessId.KERNEL32(00000000,?,006B1014,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 006CFE00
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 006CFE09
                                                                                                    • GetLocalTime.KERNEL32(8007139F,?,006B1014,8007139F,Invalid operation for this state.,cabextract.cpp,000001C7,8007139F), ref: 006CFE1F
                                                                                                    • LeaveCriticalSection.KERNEL32(006FB60C,?,00000000,00000000,0000FDE9), ref: 006CFF12
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                                                    • String ID: $co$%ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls$(co$,co$0co$0co
                                                                                                    • API String ID: 296830338-1812457190
                                                                                                    • Opcode ID: 718c44a29672ee2d920ffef2dafde0fc71a43ee9387bf226b965a7946b60bf41
                                                                                                    • Instruction ID: 838fb93132ae144873d51971a2429dc2ff26d749055824acda6da652943d994f
                                                                                                    • Opcode Fuzzy Hash: 718c44a29672ee2d920ffef2dafde0fc71a43ee9387bf226b965a7946b60bf41
                                                                                                    • Instruction Fuzzy Hash: F9413C72D01219EBDB209BA4DC45BFEB7FBEB09B11F11502AFA11E6260D7349D41CBA1
                                                                                                    APIs
                                                                                                    • GetVersionExW.KERNEL32(0000011C), ref: 006961D2
                                                                                                    • GetLastError.KERNEL32 ref: 006961DC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastVersion
                                                                                                    • String ID: Failed to get OS info.$Failed to set variant value.$variable.cpp
                                                                                                    • API String ID: 305913169-1971907631
                                                                                                    • Opcode ID: 84a5ac4c07cdc84c090bf78d0c0aaceea67bf6b3c3f47a00a66ca48ab66a75d3
                                                                                                    • Instruction ID: db452c16f2a5e253b466686c6d05839b5faa2c763d8bd8665382f3a91257a311
                                                                                                    • Opcode Fuzzy Hash: 84a5ac4c07cdc84c090bf78d0c0aaceea67bf6b3c3f47a00a66ca48ab66a75d3
                                                                                                    • Instruction Fuzzy Hash: 35418671E01328ABDF209BA9CC45EEA7BBEEB89710F11019BF505E7640D6709F82CB54
                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(?,?,?,?,*.*,?,?,?,00000000,.unverified,?), ref: 006A99ED
                                                                                                    • lstrlenW.KERNEL32(?), ref: 006A9A14
                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 006A9A74
                                                                                                    • FindClose.KERNEL32(00000000), ref: 006A9A7F
                                                                                                      • Part of subcall function 00693BC3: GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00693C3F
                                                                                                      • Part of subcall function 00693BC3: GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00693C52
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileFind$AttributesCloseErrorFirstLastNextlstrlen
                                                                                                    • String ID: *.*$.unverified
                                                                                                    • API String ID: 457978746-2528915496
                                                                                                    • Opcode ID: c14d56bbf94e6c58ecbd7179728d2961ffc8484cb9e06f2435f0dd77271ddb6b
                                                                                                    • Instruction ID: 192b461111d0ca6240614d4860ec614d095ec0c52308e53729f226337a862b0c
                                                                                                    • Opcode Fuzzy Hash: c14d56bbf94e6c58ecbd7179728d2961ffc8484cb9e06f2435f0dd77271ddb6b
                                                                                                    • Instruction Fuzzy Hash: 5441747190056CAEDF60FB64DC49BEA77BAAF45301F5001E6EA09E51A0EB719EC4CF18
                                                                                                    APIs
                                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000001,00000000), ref: 006D8788
                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?), ref: 006D879A
                                                                                                    Strings
                                                                                                    • %04hu-%02hu-%02huT%02hu:%02hu:%02huZ, xrefs: 006D8771
                                                                                                    • feclient.dll, xrefs: 006D8762
                                                                                                    • crypt32.dll, xrefs: 006D8758
                                                                                                    • %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u, xrefs: 006D87E3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Time$InformationLocalSpecificSystemZone
                                                                                                    • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ$crypt32.dll$feclient.dll
                                                                                                    • API String ID: 1772835396-1985132828
                                                                                                    • Opcode ID: e25a76ec9893d22ac09a6c344042c167dc812a1d85f784e2a14914bec9d7671f
                                                                                                    • Instruction ID: 18ab2e0d9d4cc2820efd3a884292f4e7c03bc09c15bcb19fbe2e483a5808e459
                                                                                                    • Opcode Fuzzy Hash: e25a76ec9893d22ac09a6c344042c167dc812a1d85f784e2a14914bec9d7671f
                                                                                                    • Instruction Fuzzy Hash: 17213CA6900118FED720DB969C05FBBB3FDEB48B11F10445AF984D6180E738AE81D774
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __floor_pentium4
                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                    • API String ID: 4168288129-2761157908
                                                                                                    • Opcode ID: 005a35c98f60ca4d81dfbea59132a9328836dae8955f5abb2e0fd20840a15a8c
                                                                                                    • Instruction ID: 0ee27f88211784e8576def0a44d41c08817c367d94db0cad430e8f4c71d41f45
                                                                                                    • Opcode Fuzzy Hash: 005a35c98f60ca4d81dfbea59132a9328836dae8955f5abb2e0fd20840a15a8c
                                                                                                    • Instruction Fuzzy Hash: 24C21771E086288BDB25CE689D41BFAB7BAEB44305F1451EED84DE7240E774AE818F41
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastNameUser
                                                                                                    • String ID: Failed to get the user name.$Failed to set variant value.$variable.cpp
                                                                                                    • API String ID: 2054405381-1522884404
                                                                                                    • Opcode ID: f4a68e2ec092f2d4c7ad4bc19d0d8c024d3cef9921470d13549c640242c232f0
                                                                                                    • Instruction ID: e09923f4d60193a64cfb38379acff220065a70db1312996c6d3e870cc65dbc45
                                                                                                    • Opcode Fuzzy Hash: f4a68e2ec092f2d4c7ad4bc19d0d8c024d3cef9921470d13549c640242c232f0
                                                                                                    • Instruction Fuzzy Hash: 8B01D671E01329ABDB20ABA9DC09AAB77AEDB00720F01415BF804E7241EA749E458695
                                                                                                    APIs
                                                                                                    • FormatMessageW.KERNEL32(00000900,?,00000000,00000000,00000000,00000000,?,00000000,?,?,006D03EC,?,00000000,?,?,00000001), ref: 006CFD3F
                                                                                                    • GetLastError.KERNEL32(?,006D03EC,?,00000000,?,?,00000001,?,00695523,?,?,00000000,?,?,0069528D,00000002), ref: 006CFD4B
                                                                                                    • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,006D03EC,?,00000000,?,?,00000001,?,00695523,?,?), ref: 006CFDB3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                    • String ID: logutil.cpp
                                                                                                    • API String ID: 1365068426-3545173039
                                                                                                    APIs
                                                                                                    • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000003,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,006B68EF,00000000,00000003), ref: 006B695C
                                                                                                    • GetLastError.KERNEL32(?,006B68EF,00000000,00000003,00000000,?,?,?,?,?,?,?,?,?,006B6CE1,?), ref: 006B6966
                                                                                                    Strings
                                                                                                    • msuengine.cpp, xrefs: 006B698A
                                                                                                    • Failed to set service start type., xrefs: 006B6994
                                                                                                    Similarity
                                                                                                    • API ID: ChangeConfigErrorLastService
                                                                                                    • String ID: Failed to set service start type.$msuengine.cpp
                                                                                                    • API String ID: 1456623077-1628545019
                                                                                                    APIs
                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 006C3CA8
                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 006C3CB2
                                                                                                    • UnhandledExceptionFilter.KERNEL32(80003CDD,?,?,?,?,?,?), ref: 006C3CBF
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                    • String ID:
                                                                                                    • API String ID: 3906539128-0
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: /
                                                                                                    • API String ID: 0-2043925204
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D3AC9: RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,006D396A,?), ref: 006D3B3A
                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 006D398E
                                                                                                    • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 006D399F
                                                                                                    Similarity
                                                                                                    • API ID: AllocateCheckCloseInitializeMembershipToken
                                                                                                    • String ID:
                                                                                                    • API String ID: 2114926846-0
                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(006B8FFA,?,000002C0,00000000,00000000), ref: 006D4350
                                                                                                    • FindClose.KERNEL32(00000000), ref: 006D435C
                                                                                                    Similarity
                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                    • String ID:
                                                                                                    • API String ID: 2295610775-0
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 0$comres.dll
                                                                                                    • API String ID: 0-3030269839
                                                                                                    APIs
                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,006CED47,?,?,00000008,?,?,006CE9E7,00000000), ref: 006CEF79
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionRaise
                                                                                                    • String ID:
                                                                                                    • API String ID: 3997070919-0
                                                                                                    APIs
                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0002E77F,006BDEF8), ref: 006BE778
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                    • String ID:
                                                                                                    • API String ID: 3192549508-0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    APIs
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,download,000000FF,00000000,Packaging,00000000,00000000,FilePath,comres.dll,00000000,006DCA64,?,00000000), ref: 0069CDEC
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Heap$AllocateCompareProcessString
                                                                                                    • String ID: Catalog$CertificateRootPublicKeyIdentifier$CertificateRootThumbprint$Container$DownloadUrl$Failed to allocate memory for payload structs.$Failed to find catalog.$Failed to get @Catalog.$Failed to get @CertificateRootPublicKeyIdentifier.$Failed to get @CertificateRootThumbprint.$Failed to get @Container.$Failed to get @DownloadUrl.$Failed to get @FilePath.$Failed to get @FileSize.$Failed to get @Hash.$Failed to get @Id.$Failed to get @LayoutOnly.$Failed to get @Packaging.$Failed to get @SourcePath.$Failed to get next node.$Failed to get payload node count.$Failed to hex decode @CertificateRootPublicKeyIdentifier.$Failed to hex decode @CertificateRootThumbprint.$Failed to hex decode the Payload/@Hash.$Failed to parse @FileSize.$Failed to select payload nodes.$Failed to to find container: %ls$FilePath$FileSize$Hash$Invalid value for @Packaging: %ls$LayoutOnly$Packaging$Payload$SourcePath$cabinet.dll$comres.dll$download$embedded$external$feclient.dll$msasn1.dll$msi.dll$payload.cpp$version.dll$wininet.dll
                                                                                                    APIs
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000101,?,?,00020006,00000000,?,?,?), ref: 006A0409
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Close
                                                                                                    • String ID: /uninstall$"%ls" %ls$"%ls" /modify$"%ls" /uninstall /quiet$%hs$%hu.%hu.%hu.%hu$%s,0$/modify$3.10.4.4718$BundleAddonCode$BundleCachePath$BundleDetectCode$BundlePatchCode$BundleProviderKey$BundleTag$BundleUpgradeCode$BundleVersion$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EngineVersion$EstimatedSize$Failed to cache bundle from path: %ls$Failed to create registration key.$Failed to register the bundle dependency key.$Failed to update resume mode.$Failed to write %ls value.$Failed to write software tags.$Failed to write update registration.$HelpLink$HelpTelephone$ModifyPath$NoElevateOnModify$NoModify$NoRemove$ParentDisplayName$ParentKeyName$Publisher$QuietUninstallString$SystemComponent$URLInfoAbout$URLUpdateInfo$UninstallString
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(?,?,00000000,80070490,?,?,?,?,?,?,?,=Si,006BBF87,?,?,?), ref: 0069837E
                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,=Si,006BBF87,?,?,?,?,=Si,Chain), ref: 006986DB
                                                                                                    Strings
                                                                                                    • variable.cpp, xrefs: 00698690
                                                                                                    • numeric, xrefs: 00698493
                                                                                                    • Failed to get @Hidden., xrefs: 006986BF
                                                                                                    • string, xrefs: 006984CE
                                                                                                    • Attempt to set built-in variable value: %ls, xrefs: 0069869F
                                                                                                    • Value, xrefs: 0069843C
                                                                                                    • Failed to get @Type., xrefs: 0069865F
                                                                                                    • Failed to get variable node count., xrefs: 006983B8
                                                                                                    • Failed to change variant type., xrefs: 006986B1
                                                                                                    • Failed to find variable value '%ls'., xrefs: 006986A9
                                                                                                    • version, xrefs: 00698503
                                                                                                    • Initializing version variable '%ls' to value '%ls', xrefs: 0069852A
                                                                                                    • Failed to set value of variable: %ls, xrefs: 0069867E
                                                                                                    • Failed to get @Value., xrefs: 0069866D
                                                                                                    • Failed to get @Id., xrefs: 006986C6
                                                                                                    • =Si, xrefs: 0069834D
                                                                                                    • Failed to insert variable '%ls'., xrefs: 0069859D
                                                                                                    • Failed to set variant value., xrefs: 00698666
                                                                                                    • Invalid value for @Type: %ls, xrefs: 0069864F
                                                                                                    • Persisted, xrefs: 00698421
                                                                                                    • Failed to select variable nodes., xrefs: 0069839B
                                                                                                    • Failed to get @Persisted., xrefs: 006986B8
                                                                                                    • Variable, xrefs: 00698388
                                                                                                    • Failed to get next node., xrefs: 006986CD
                                                                                                    • Hidden, xrefs: 00698406
                                                                                                    • Failed to set variant encryption, xrefs: 00698674
                                                                                                    • Initializing hidden variable '%ls', xrefs: 00698548
                                                                                                    • Initializing numeric variable '%ls' to value '%ls', xrefs: 006984B9
                                                                                                    • Type, xrefs: 0069847A
                                                                                                    • Initializing string variable '%ls' to value '%ls', xrefs: 006984F1
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: =Si$Attempt to set built-in variable value: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant encryption$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$numeric$string$variable.cpp$version
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,006ABBCA,00000007,?,?,?), ref: 006B6AD9
                                                                                                      • Part of subcall function 006D09BB: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00695D8F,00000000), ref: 006D09CF
                                                                                                      • Part of subcall function 006D09BB: GetProcAddress.KERNEL32(00000000), ref: 006D09D6
                                                                                                      • Part of subcall function 006D09BB: GetLastError.KERNEL32(?,?,?,00695D8F,00000000), ref: 006D09ED
                                                                                                    • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 006B6EC9
                                                                                                    • CloseHandle.KERNEL32(00000000,?,000001F4,?,?,?,?,?,?,?,?,?,?,wusa.exe,?,00000025), ref: 006B6EDD
                                                                                                    Strings
                                                                                                    • Failed to append log switch to MSU command-line., xrefs: 006B6C6F
                                                                                                    • 2, xrefs: 006B6D6C
                                                                                                    • Failed to append log path to MSU command-line., xrefs: 006B6C8D
                                                                                                    • /log:, xrefs: 006B6C5B
                                                                                                    • WixBundleExecutePackageCacheFolder, xrefs: 006B6BC4, 006B6EF5
                                                                                                    • Failed to get action arguments for MSU package., xrefs: 006B6B8F
                                                                                                    • Bootstrapper application aborted during MSU progress., xrefs: 006B6E0D
                                                                                                    • Failed to find System32 directory., xrefs: 006B6B4E
                                                                                                    • "%ls" /uninstall /kb:%ls /quiet /norestart, xrefs: 006B6C2E
                                                                                                    • Failed to allocate WUSA.exe path., xrefs: 006B6B6C
                                                                                                    • wusa.exe, xrefs: 006B6B59
                                                                                                    • Failed to get cached path for package: %ls, xrefs: 006B6BB5
                                                                                                    • Failed to wait for executable to complete: %ls, xrefs: 006B6E58
                                                                                                    • Failed to find Windows directory., xrefs: 006B6B18
                                                                                                    • msuengine.cpp, xrefs: 006B6D46, 006B6DDB, 006B6E03
                                                                                                    • SysNative\, xrefs: 006B6B23
                                                                                                    • Failed to get process exit code., xrefs: 006B6DE5
                                                                                                    • Failed to append SysNative directory., xrefs: 006B6B36
                                                                                                    • Failed to determine WOW64 status., xrefs: 006B6AEB
                                                                                                    • Failed to format MSU install command., xrefs: 006B6C15
                                                                                                    • Failed to build MSU path., xrefs: 006B6BEE
                                                                                                    • Failed to format MSU uninstall command., xrefs: 006B6C42
                                                                                                    • "%ls" "%ls" /quiet /norestart, xrefs: 006B6C01
                                                                                                    • D, xrefs: 006B6CF4
                                                                                                    • Failed to CreateProcess on path: %ls, xrefs: 006B6D53
                                                                                                    • Failed to ensure WU service was enabled to install MSU package., xrefs: 006B6CE7
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Handle$Close$AddressCurrentErrorLastModuleProcProcess
                                                                                                    • String ID: /log:$"%ls" "%ls" /quiet /norestart$"%ls" /uninstall /kb:%ls /quiet /norestart$2$Bootstrapper application aborted during MSU progress.$D$Failed to CreateProcess on path: %ls$Failed to allocate WUSA.exe path.$Failed to append SysNative directory.$Failed to append log path to MSU command-line.$Failed to append log switch to MSU command-line.$Failed to build MSU path.$Failed to determine WOW64 status.$Failed to ensure WU service was enabled to install MSU package.$Failed to find System32 directory.$Failed to find Windows directory.$Failed to format MSU install command.$Failed to format MSU uninstall command.$Failed to get action arguments for MSU package.$Failed to get cached path for package: %ls$Failed to get process exit code.$Failed to wait for executable to complete: %ls$SysNative\$WixBundleExecutePackageCacheFolder$msuengine.cpp$wusa.exe
                                                                                                    • API String ID: 1400713077-4261965642
                                                                                                    • Opcode ID: 37c66900f958142a5053de1a6bf929bec0f223b4dc3ef3a74994c21dd7b12c20
                                                                                                    • Instruction ID: c14e3b356cd50eb757b58364eb15bc2543efcc2927cc2d94605e932f4a1b0c47
                                                                                                    • Opcode Fuzzy Hash: 37c66900f958142a5053de1a6bf929bec0f223b4dc3ef3a74994c21dd7b12c20
                                                                                                    • Instruction Fuzzy Hash: B4D1A1B1A0031AEEDF119FE5CC85EEE7BBAAF04704F10402AF605F6261D7B99D858B51
                                                                                                    APIs
                                                                                                    • lstrlenW.KERNEL32(?,?,00000000,?,006DB4F0,?,00000000,?,0069442A,?,006DB4F0), ref: 006A5304
                                                                                                    • GetCurrentProcessId.KERNEL32(?,0069442A,?,006DB4F0), ref: 006A530F
                                                                                                    • SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,0069442A,?,006DB4F0), ref: 006A5346
                                                                                                    • ConnectNamedPipe.KERNEL32(?,00000000,?,0069442A,?,006DB4F0), ref: 006A535B
                                                                                                    • GetLastError.KERNEL32(?,0069442A,?,006DB4F0), ref: 006A5365
                                                                                                    • Sleep.KERNEL32(00000064,?,0069442A,?,006DB4F0), ref: 006A5396
                                                                                                    • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,0069442A,?,006DB4F0), ref: 006A53B9
                                                                                                    • WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,0069442A,?,006DB4F0), ref: 006A53D4
                                                                                                    • WriteFile.KERNEL32(?,*Di,006DB4F0,00000000,00000000,?,0069442A,?,006DB4F0), ref: 006A53EF
                                                                                                    • WriteFile.KERNEL32(?,comres.dll,00000004,feclient.dll,00000000,?,0069442A,?,006DB4F0), ref: 006A540A
                                                                                                    • ReadFile.KERNEL32(?,wininet.dll,00000004,feclient.dll,00000000,?,0069442A,?,006DB4F0), ref: 006A5425
                                                                                                    • GetLastError.KERNEL32(?,0069442A,?,006DB4F0), ref: 006A547D
                                                                                                    • GetLastError.KERNEL32(?,0069442A,?,006DB4F0), ref: 006A54B1
                                                                                                    • GetLastError.KERNEL32(?,0069442A,?,006DB4F0), ref: 006A54E5
                                                                                                    • GetLastError.KERNEL32(?,0069442A,?,006DB4F0), ref: 006A557B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                                                                    • String ID: *Di$Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$comres.dll$crypt32.dll$feclient.dll$pipe.cpp$wininet.dll
                                                                                                    • API String ID: 2944378912-695727633
                                                                                                    • Opcode ID: 1dac34d8fcaacee479f85904ff00f7bcd2278198e39e07a5404d838b1c59c26f
                                                                                                    • Instruction ID: 6797197c18cf79e316bba0bf132ebb27aaf0586b4a1af6aecc47fe07a90feef4
                                                                                                    • Opcode Fuzzy Hash: 1dac34d8fcaacee479f85904ff00f7bcd2278198e39e07a5404d838b1c59c26f
                                                                                                    • Instruction Fuzzy Hash: 9161BC72E41725AAEB10EAB58C45BEA76EEEF04740F124125FD06FB290E774CD018AF5
                                                                                                    APIs
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,generator,000000FF,?,?,?), ref: 006D7407
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D75D0
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D766D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String$FreeHeap$AllocateCompareProcess
                                                                                                    • String ID: ($@$atomutil.cpp$author$category$entry$generator$icon$link$logo$subtitle$title$updated
                                                                                                    • API String ID: 1555028553-2592408802
                                                                                                    • Opcode ID: 4b8d791e2e11e98699f6b55c121f43dbb1402c6db27bd549d8fe4107146389e6
                                                                                                    • Instruction ID: 47c0cf8889cea4276e55087c0ca2a241fb269253c0f631893e510c20058a39b6
                                                                                                    • Opcode Fuzzy Hash: 4b8d791e2e11e98699f6b55c121f43dbb1402c6db27bd549d8fe4107146389e6
                                                                                                    • Instruction Fuzzy Hash: 90B18331D4861ABBCB219B68CC41FAEB776AB04720F210356F521A63D1EB70EE50D796
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,006F3C78,000000FF,?,?,?), ref: 006D707E
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,summary,000000FF), ref: 006D70A3
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 006D70C3
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,published,000000FF), ref: 006D70DF
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,updated,000000FF), ref: 006D7107
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,author,000000FF), ref: 006D7123
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,category,000000FF), ref: 006D715C
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,content,000000FF), ref: 006D7195
                                                                                                      • Part of subcall function 006D6BF6: SysFreeString.OLEAUT32(00000000), ref: 006D6D2F
                                                                                                      • Part of subcall function 006D6BF6: SysFreeString.OLEAUT32(00000000), ref: 006D6D71
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D7219
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D72C9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String$Compare$Free
                                                                                                    • String ID: ($atomutil.cpp$author$cabinet.dll$category$content$crypt32.dll$feclient.dll$link$msi.dll$published$summary$title$updated$version.dll
                                                                                                    • API String ID: 318886736-4031687277
                                                                                                    • Opcode ID: 9dac52ceb23671d81d5a732ef4e8da7ec466d3c75aeabced5edaeb3a1cf75604
                                                                                                    • Instruction ID: deb8985eb17919e67219d0276cf3d63cf3d578df0941d2cfff76a8135767e42b
                                                                                                    • Opcode Fuzzy Hash: 9dac52ceb23671d81d5a732ef4e8da7ec466d3c75aeabced5edaeb3a1cf75604
                                                                                                    • Instruction Fuzzy Hash: EEA19131D4825ABBCB219B94CC41FAEB776AF14720F204356F521A63D1E770EA50DB92
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0069A356
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0069A37C
                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,?,?), ref: 0069A666
                                                                                                    Strings
                                                                                                    • Failed to change value type., xrefs: 0069A60D
                                                                                                    • Failed to allocate string buffer., xrefs: 0069A565
                                                                                                    • search.cpp, xrefs: 0069A44A, 0069A47D, 0069A4CE, 0069A5D1
                                                                                                    • Failed to set variable., xrefs: 0069A629
                                                                                                    • Failed to query registry key value size., xrefs: 0069A454
                                                                                                    • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 0069A418
                                                                                                    • Unsupported registry key value type. Type = '%u', xrefs: 0069A506
                                                                                                    • Failed to open registry key., xrefs: 0069A3E9
                                                                                                    • Registry key not found. Key = '%ls', xrefs: 0069A3B0
                                                                                                    • Failed to clear variable., xrefs: 0069A3D4
                                                                                                    • Failed to query registry key value., xrefs: 0069A4D8
                                                                                                    • Failed to get expand environment string., xrefs: 0069A5DB
                                                                                                    • Failed to format value string., xrefs: 0069A387
                                                                                                    • RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 0069A63E
                                                                                                    • Failed to read registry value., xrefs: 0069A5F4
                                                                                                    • Failed to allocate memory registry value., xrefs: 0069A487
                                                                                                    • Failed to format key string., xrefs: 0069A361
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Open@16$Close
                                                                                                    • String ID: Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$search.cpp
                                                                                                    • API String ID: 2348241696-3124384294
                                                                                                    • Opcode ID: fb60a8a0c37fc1d0db07ff22e44296d85b2612eb36d179db0a16145bda8d53fd
                                                                                                    • Instruction ID: 1c65c501d8cb5632d4b4ef7f216cf11237925e7e7af6f279f596960d76d4b170
                                                                                                    • Opcode Fuzzy Hash: fb60a8a0c37fc1d0db07ff22e44296d85b2612eb36d179db0a16145bda8d53fd
                                                                                                    • Instruction Fuzzy Hash: E1A1B772E40229FBDF11AAE4CC45AEE7AEFAF04710F154126F900FAA50D7719E0197E6
                                                                                                    APIs
                                                                                                    • UuidCreate.RPCRT4(?), ref: 006BD2A7
                                                                                                    • StringFromGUID2.OLE32(?,?,00000027), ref: 006BD2D0
                                                                                                    • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?,?,?,?,?), ref: 006BD3BC
                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 006BD3C6
                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,?,?,?,?), ref: 006BD45B
                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 006BD485
                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 006BD493
                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 006BD4CB
                                                                                                      • Part of subcall function 006BD12C: WaitForSingleObject.KERNEL32(?,000000FF,759230B0,00000000,?,?,?,?,006BD439,?), ref: 006BD145
                                                                                                      • Part of subcall function 006BD12C: ReleaseMutex.KERNEL32(?,?,?,?,006BD439,?), ref: 006BD161
                                                                                                      • Part of subcall function 006BD12C: WaitForSingleObject.KERNEL32(?,000000FF), ref: 006BD1A4
                                                                                                      • Part of subcall function 006BD12C: ReleaseMutex.KERNEL32(?), ref: 006BD1BB
                                                                                                      • Part of subcall function 006BD12C: SetEvent.KERNEL32(?), ref: 006BD1C4
                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 006BD580
                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 006BD598
                                                                                                    Strings
                                                                                                    • Failed to allocate event name., xrefs: 006BD333
                                                                                                    • Failed to allocate section name., xrefs: 006BD311
                                                                                                    • Failed to create netfx chainer guid., xrefs: 006BD2B4
                                                                                                    • NetFxChainer.cpp, xrefs: 006BD2E5, 006BD3EA, 006BD4B7, 006BD4EF
                                                                                                    • NetFxEvent.%ls, xrefs: 006BD31F
                                                                                                    • Failed to process netfx chainer message., xrefs: 006BD43F
                                                                                                    • %ls /pipe %ls, xrefs: 006BD373
                                                                                                    • Failed to wait for netfx chainer process to complete, xrefs: 006BD4F9
                                                                                                    • NetFxSection.%ls, xrefs: 006BD2FD
                                                                                                    • Failed to get netfx return code., xrefs: 006BD4C1
                                                                                                    • Failed to convert netfx chainer guid into string., xrefs: 006BD2EF
                                                                                                    • Failed to CreateProcess on path: %ls, xrefs: 006BD3F5
                                                                                                    • Failed to create netfx chainer., xrefs: 006BD352
                                                                                                    • Failed to allocate netfx chainer arguments., xrefs: 006BD387
                                                                                                    • D, xrefs: 006BD3A1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastWait$CloseCreateHandleMutexObjectProcessReleaseSingle$CodeEventExitFromMultipleObjectsStringUuid
                                                                                                    • String ID: %ls /pipe %ls$D$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxChainer.cpp$NetFxEvent.%ls$NetFxSection.%ls
                                                                                                    • API String ID: 2531618940-1825855094
                                                                                                    • Opcode ID: b56f6c901c3a6b2347d88cccbc95b00a7c180ad5147caac9765d899ad547e586
                                                                                                    • Instruction ID: 9868f919f13d62b4b48078a05e97fb1ff527b10ccd11cc6d3464e326cb22d56b
                                                                                                    • Opcode Fuzzy Hash: b56f6c901c3a6b2347d88cccbc95b00a7c180ad5147caac9765d899ad547e586
                                                                                                    • Instruction Fuzzy Hash: EDA197B1D40328ABEB609BB4CD41BEE77FAAF04710F11006AE909FB251E7719E848F55
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(000002C0,00000100,00000100,00000000,00000000,?,006999BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 006956A2
                                                                                                    • lstrlenW.KERNEL32(00000000,?,006999BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 006956AC
                                                                                                    • _wcschr.LIBVCRUNTIME ref: 006958B4
                                                                                                    • LeaveCriticalSection.KERNEL32(000002C0,00000000,00000000,00000000,00000000,00000000,00000001,?,006999BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0), ref: 00695B56
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave_wcschrlstrlen
                                                                                                    • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp
                                                                                                    • API String ID: 1026845265-2050445661
                                                                                                    • Opcode ID: 53c6650cc8dc6028ddd421275735f688592e962c0dee146b2ddbce2f8bffa79f
                                                                                                    • Instruction ID: abb622c3340a5280c6c49dd32e9850114e9eea8d34e7e8c613ec415be080bd47
                                                                                                    • Opcode Fuzzy Hash: 53c6650cc8dc6028ddd421275735f688592e962c0dee146b2ddbce2f8bffa79f
                                                                                                    • Instruction Fuzzy Hash: 0CF19F71D00629EEDF229FA48841AAF7BAFEF04750F11412AFD16AB740D7349E01CBA5
                                                                                                    APIs
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,?,00000000,00000018,00000001,?,00000000,?,?,006BD34C,?,?,?), ref: 006BCC6A
                                                                                                    • GetLastError.KERNEL32(?,?,006BD34C,?,?,?), ref: 006BCC77
                                                                                                    • ReleaseMutex.KERNEL32(?), ref: 006BCEDF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$AllocateCreateErrorEventLastMutexProcessRelease
                                                                                                    • String ID: %ls_mutex$%ls_send$Failed to MapViewOfFile for %ls.$Failed to allocate memory for NetFxChainer struct.$Failed to create event: %ls$Failed to create mutex: %ls$Failed to memory map cabinet file: %ls$NetFxChainer.cpp$failed to allocate memory for event name$failed to allocate memory for mutex name$failed to copy event name to shared memory structure.
                                                                                                    • API String ID: 3944734951-2991465304
                                                                                                    • Opcode ID: e552b31c3919674ab80420a517063464cc2b0d87bb99e5efda0e9876bc080ecb
                                                                                                    • Instruction ID: 1801401194117c4d64bdf1e99777568a4386a5de72c8ebf3e0ee52c515ab3a9d
                                                                                                    • Opcode Fuzzy Hash: e552b31c3919674ab80420a517063464cc2b0d87bb99e5efda0e9876bc080ecb
                                                                                                    • Instruction Fuzzy Hash: B071C4B2A41726FBE7119B698C49FAB7AEAAF14360F024116FD14A7251D730CE41C7E4
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D31C7: VariantInit.OLEAUT32(?), ref: 006D31DD
                                                                                                      • Part of subcall function 006D31C7: SysAllocString.OLEAUT32(?), ref: 006D31F9
                                                                                                      • Part of subcall function 006D31C7: VariantClear.OLEAUT32(?), ref: 006D3280
                                                                                                      • Part of subcall function 006D31C7: SysFreeString.OLEAUT32(00000000), ref: 006D328B
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,Detect,000000FF,?,006DCA64,?,?,Action,?,?,?,00000000,?), ref: 0069EA07
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,Upgrade,000000FF), ref: 0069EA51
                                                                                                    Strings
                                                                                                    • version.dll, xrefs: 0069EA64
                                                                                                    • Patch, xrefs: 0069EAD1
                                                                                                    • Failed to get @Action., xrefs: 0069EB5D
                                                                                                    • Failed to get @Id., xrefs: 0069EB56
                                                                                                    • Invalid value for @Action: %ls, xrefs: 0069EB46
                                                                                                    • cabinet.dll, xrefs: 0069EAAE
                                                                                                    • Failed to resize Upgrade code array in registration, xrefs: 0069EB29
                                                                                                    • Failed to resize Addon code array in registration, xrefs: 0069EB30
                                                                                                    • Failed to get RelatedBundle element count., xrefs: 0069E98B
                                                                                                    • Action, xrefs: 0069E9C4
                                                                                                    • Failed to resize Patch code array in registration, xrefs: 0069EB37
                                                                                                    • Addon, xrefs: 0069EA8E
                                                                                                    • Failed to get RelatedBundle nodes, xrefs: 0069E966
                                                                                                    • RelatedBundle, xrefs: 0069E944
                                                                                                    • Failed to get next RelatedBundle element., xrefs: 0069EB64
                                                                                                    • Failed to resize Detect code array in registration, xrefs: 0069EB22
                                                                                                    • comres.dll, xrefs: 0069EA1A
                                                                                                    • Detect, xrefs: 0069E9F8
                                                                                                    • Upgrade, xrefs: 0069EA44
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String$CompareVariant$AllocClearFreeInit
                                                                                                    • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array in registration$Failed to resize Detect code array in registration$Failed to resize Patch code array in registration$Failed to resize Upgrade code array in registration$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade$cabinet.dll$comres.dll$version.dll
                                                                                                    • API String ID: 702752599-259800149
                                                                                                    • Opcode ID: 381053e96cf7444773016aaa26fb414df53a3f1332e7ab634c91ddc77f1800ed
                                                                                                    • Instruction ID: 1314be25f3d8b11f8b632702945980beb9ddb719cc97728d35fb02d1239853e6
                                                                                                    • Opcode Fuzzy Hash: 381053e96cf7444773016aaa26fb414df53a3f1332e7ab634c91ddc77f1800ed
                                                                                                    • Instruction Fuzzy Hash: 1B71B470E45626BBCB10CA94CD41EADB77AFF05720F214259F912ABB80D731AE11DB90
                                                                                                    APIs
                                                                                                    • GetStringTypeW.KERNEL32(00000001,56006DDB,00000001,?,00699801,?,00000000,00000000), ref: 00698E8D
                                                                                                    Strings
                                                                                                    • Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d., xrefs: 006990AF
                                                                                                    • Failed to parse condition "%ls". Constant too big, at position %d., xrefs: 0069924D
                                                                                                    • Failed to parse condition "%ls". Invalid version format, at position %d., xrefs: 0069910C
                                                                                                    • NOT, xrefs: 006991A7
                                                                                                    • condition.cpp, xrefs: 00698F5C, 00699027, 0069909C, 006990F9, 0069923A, 0069927A, 006992B5
                                                                                                    • Failed to parse condition "%ls". Unexpected '~' operator at position %d., xrefs: 006992C8
                                                                                                    • Failed to parse condition "%ls". Unterminated literal at position %d., xrefs: 00698F6F
                                                                                                    • @, xrefs: 00698E93
                                                                                                    • -, xrefs: 00698FF1
                                                                                                    • Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d., xrefs: 0069928D
                                                                                                    • Failed to set symbol value., xrefs: 00698F35
                                                                                                    • Failed to parse condition "%ls". Unexpected character at position %d., xrefs: 0069903A
                                                                                                    • AND, xrefs: 00699187
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: StringType
                                                                                                    • String ID: -$@$AND$Failed to parse condition "%ls". Constant too big, at position %d.$Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.$Failed to parse condition "%ls". Invalid version format, at position %d.$Failed to parse condition "%ls". Unexpected '~' operator at position %d.$Failed to parse condition "%ls". Unexpected character at position %d.$Failed to parse condition "%ls". Unterminated literal at position %d.$Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.$Failed to set symbol value.$NOT$condition.cpp
                                                                                                    • API String ID: 4177115715-3640792234
                                                                                                    • Opcode ID: 301a16c43fca2f9407278370e30472c5dc089a6ba467a3ce9967591da1c4c3f7
                                                                                                    • Instruction ID: 1574cc25a498545205ec8ff064164a32664ba578fe1321f9fc0c3f669b2d6994
                                                                                                    • Opcode Fuzzy Hash: 301a16c43fca2f9407278370e30472c5dc089a6ba467a3ce9967591da1c4c3f7
                                                                                                    • Instruction Fuzzy Hash: 6CE1C171540205EBDF159F58C889BBA7B6FFB06710F14408AF9059FB85D7B6CA82CBA0
                                                                                                    APIs
                                                                                                    • GetCurrentProcessId.KERNEL32(?,8000FFFF,feclient.dll,?,006A49FE,006DB4D8,?,feclient.dll,00000000,?,?), ref: 006A44FE
                                                                                                    • ReadFile.KERNEL32(feclient.dll,feclient.dll,00000004,?,00000000,?,006A49FE,006DB4D8,?,feclient.dll,00000000,?,?), ref: 006A451F
                                                                                                    • GetLastError.KERNEL32(?,006A49FE,006DB4D8,?,feclient.dll,00000000,?,?), ref: 006A4525
                                                                                                    • WriteFile.KERNEL32(feclient.dll,?,00000004,006A49FE,00000000,?,006A49FE,006DB4D8,?,feclient.dll,00000000,?,?), ref: 006A468E
                                                                                                    • GetLastError.KERNEL32(?,006A49FE,006DB4D8,?,feclient.dll,00000000,?,?), ref: 006A4698
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLast$CurrentProcessReadWrite
                                                                                                    • String ID: Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Failed to read verification secret from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$feclient.dll$msasn1.dll$pipe.cpp
                                                                                                    • API String ID: 3008747291-452622383
                                                                                                    • Opcode ID: 3de2e2d2d0f15d9ca272c8a672acedefa0288bc6f3762176c60ee6fd2324eb33
                                                                                                    • Instruction ID: ad5496b8a5584742ca19706000fe263b543b3d2b4e90642650478b8b0ef993ca
                                                                                                    • Opcode Fuzzy Hash: 3de2e2d2d0f15d9ca272c8a672acedefa0288bc6f3762176c60ee6fd2324eb33
                                                                                                    • Instruction Fuzzy Hash: D5510C71E41325BBEB10AAA58C45FBF77AEEB46710F120116FD11FB290DB708E018AE5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: StringVariant$AllocClearFreeInit
                                                                                                    • String ID: DetectCondition$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @UninstallArguments.$Failed to parse command lines.$Failed to parse exit codes.$InstallArguments$Invalid protocol type: %ls$Protocol$RepairArguments$Repairable$UninstallArguments$burn$netfx4$none
                                                                                                    APIs
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,success,000000FF,?,Type,00000000,?,?,00000000,?,00000001,?), ref: 006B1A77
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,error,000000FF), ref: 006B1A95
                                                                                                    Similarity
                                                                                                    • API ID: CompareHeapString$AllocateProcess
                                                                                                    • String ID: Code$ExitCode$Failed to allocate memory for exit code structs.$Failed to get @Code.$Failed to get @Type.$Failed to get exit code node count.$Failed to get next node.$Failed to parse @Code value: %ls$Failed to select exit code nodes.$Invalid exit code type: %ls$Type$error$exeengine.cpp$forceReboot$scheduleReboot$success
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D39CD: GetVersionExW.KERNEL32(?,?,00000000,?), ref: 006D3A1A
                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,00020006,00020006,00000000,?,?,00000002,00000000,?,00000000,00000001,00000002), ref: 0069F2CB
                                                                                                      • Part of subcall function 006D1344: RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,0069F11A,00000005,Resume,?,?,?,00000002,00000000), ref: 006D1359
                                                                                                    Strings
                                                                                                    • SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 0069F0FA
                                                                                                    • "%ls" /%ls, xrefs: 0069F172
                                                                                                    • SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 0069F0AE
                                                                                                    • Failed to delete run key value., xrefs: 0069F25A
                                                                                                    • Failed to write resume command line value., xrefs: 0069F1EA
                                                                                                    • registration.cpp, xrefs: 0069F250, 0069F29D
                                                                                                    • Failed to write Resume value., xrefs: 0069F120
                                                                                                    • Failed to write run key value., xrefs: 0069F1C8
                                                                                                    • Installed, xrefs: 0069F132
                                                                                                    • Failed to write Installed value., xrefs: 0069F143
                                                                                                    • Failed to format resume command line for RunOnce., xrefs: 0069F186
                                                                                                    • Resume, xrefs: 0069F10F
                                                                                                    • burn.runonce, xrefs: 0069F167
                                                                                                    • Failed to delete resume command line value., xrefs: 0069F2A7
                                                                                                    • BundleResumeCommandLine, xrefs: 0069F1D5, 0069F267
                                                                                                    • Failed to create run key., xrefs: 0069F1AA
                                                                                                    Similarity
                                                                                                    • API ID: CloseValueVersion
                                                                                                    • String ID: "%ls" /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$SOFTWARE\Microsoft\Windows\CurrentVersion\Run$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$burn.runonce$registration.cpp
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,00000000,000002C0), ref: 006D8019
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF), ref: 006D8034
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,upgrade,000000FF), ref: 006D80D7
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00700079,000000FF,version,000000FF,00000018,006DB508,00000000), ref: 006D8116
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,exclusive,000000FF), ref: 006D8169
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,006DB508,000000FF,true,000000FF), ref: 006D8187
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,version,000000FF), ref: 006D81BF
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,enclosure,000000FF), ref: 006D8303
                                                                                                    Similarity
                                                                                                    • API ID: CompareString
                                                                                                    • String ID: application$apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$true$type$upgrade$version
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,rel,000000FF,?,?,?,00000000), ref: 006D7703
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,href,000000FF), ref: 006D7727
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,length,000000FF), ref: 006D7746
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 006D777D
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,type,000000FF), ref: 006D7798
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D77C3
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D7842
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D788E
                                                                                                    Similarity
                                                                                                    • API ID: String$Compare$Free
                                                                                                    • String ID: comres.dll$feclient.dll$href$length$msasn1.dll$msi.dll$rel$title$type$version.dll
                                                                                                    APIs
                                                                                                      • Part of subcall function 006AE05E: LoadBitmapW.USER32(?,00000001), ref: 006AE094
                                                                                                      • Part of subcall function 006AE05E: GetLastError.KERNEL32 ref: 006AE0A0
                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 006AE1D8
                                                                                                    • RegisterClassW.USER32(?), ref: 006AE1EC
                                                                                                    • GetLastError.KERNEL32 ref: 006AE1F7
                                                                                                    • UnregisterClassW.USER32(WixBurnSplashScreen,?), ref: 006AE2FC
                                                                                                    • DeleteObject.GDI32(00000000), ref: 006AE30B
                                                                                                    Similarity
                                                                                                    • API ID: ClassErrorLastLoad$BitmapCursorDeleteObjectRegisterUnregister
                                                                                                    • String ID: Failed to create window.$Failed to load splash screen.$Failed to register window.$Unexpected return value from message pump.$WixBurnSplashScreen$splashscreen.cpp
                                                                                                    APIs
                                                                                                    • WaitForMultipleObjects.KERNEL32(00000001,?,00000000,000000FF,00000001,00000000,00000000,?,006BBA53,00000001), ref: 006B9C18
                                                                                                    • GetLastError.KERNEL32(?,006BBA53,00000001), ref: 006B9D88
                                                                                                    • GetExitCodeThread.KERNEL32(00000001,00000000,?,006BBA53,00000001), ref: 006B9DC8
                                                                                                    • GetLastError.KERNEL32(?,006BBA53,00000001), ref: 006B9DD2
                                                                                                    Strings
                                                                                                    • Failed to wait for cache check-point., xrefs: 006B9DB9
                                                                                                    • Failed to execute MSU package., xrefs: 006B9CCD
                                                                                                    • Invalid execute action., xrefs: 006B9E23
                                                                                                    • Failed to execute package provider registration action., xrefs: 006B9CE9
                                                                                                    • Failed to execute MSP package., xrefs: 006B9C9D
                                                                                                    • apply.cpp, xrefs: 006B9DAC, 006B9DF6
                                                                                                    • Failed to execute dependency action., xrefs: 006B9D08
                                                                                                    • Failed to load compatible package on per-machine package., xrefs: 006B9D2E
                                                                                                    • Failed to get cache thread exit code., xrefs: 006B9E03
                                                                                                    • Failed to execute MSI package., xrefs: 006B9C78
                                                                                                    • Cache thread exited unexpectedly., xrefs: 006B9E14
                                                                                                    • Failed to execute EXE package., xrefs: 006B9C4F
                                                                                                    • Failed to execute compatible package action., xrefs: 006B9D45
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                                                                    • String ID: Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$apply.cpp
                                                                                                    APIs
                                                                                                    • GetCurrentProcessId.KERNEL32(75918FB0,00000002,00000000), ref: 006BCA40
                                                                                                      • Part of subcall function 006A4B96: UuidCreate.RPCRT4(?), ref: 006A4BC9
                                                                                                    • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000001,08000000,00000000,00000000,?,006B21A5,?,?,00000000,?,?,?), ref: 006BCB1E
                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?,?,?,?), ref: 006BCB28
                                                                                                    • GetProcessId.KERNEL32(006B21A5,?,?,00000000,?,?,?,?), ref: 006BCB60
                                                                                                      • Part of subcall function 006A52E3: lstrlenW.KERNEL32(?,?,00000000,?,006DB4F0,?,00000000,?,0069442A,?,006DB4F0), ref: 006A5304
                                                                                                      • Part of subcall function 006A52E3: GetCurrentProcessId.KERNEL32(?,0069442A,?,006DB4F0), ref: 006A530F
                                                                                                      • Part of subcall function 006A52E3: SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,0069442A,?,006DB4F0), ref: 006A5346
                                                                                                      • Part of subcall function 006A52E3: ConnectNamedPipe.KERNEL32(?,00000000,?,0069442A,?,006DB4F0), ref: 006A535B
                                                                                                      • Part of subcall function 006A52E3: GetLastError.KERNEL32(?,0069442A,?,006DB4F0), ref: 006A5365
                                                                                                      • Part of subcall function 006A52E3: Sleep.KERNEL32(00000064,?,0069442A,?,006DB4F0), ref: 006A5396
                                                                                                      • Part of subcall function 006A52E3: SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,0069442A,?,006DB4F0), ref: 006A53B9
                                                                                                      • Part of subcall function 006A52E3: WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,0069442A,?,006DB4F0), ref: 006A53D4
                                                                                                      • Part of subcall function 006A52E3: WriteFile.KERNEL32(?,*Di,006DB4F0,00000000,00000000,?,0069442A,?,006DB4F0), ref: 006A53EF
                                                                                                      • Part of subcall function 006A52E3: WriteFile.KERNEL32(?,comres.dll,00000004,feclient.dll,00000000,?,0069442A,?,006DB4F0), ref: 006A540A
                                                                                                      • Part of subcall function 006D0917: WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,00694E16,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 006D0927
                                                                                                      • Part of subcall function 006D0917: GetLastError.KERNEL32(?,?,00694E16,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 006D0935
                                                                                                    • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,006BC992,?,?,?,?,?,00000000,?,?,?,?), ref: 006BCBE4
                                                                                                    • CloseHandle.KERNEL32(00000000,?,000000FF,00000000,?,006BC992,?,?,?,?,?,00000000,?,?,?,?), ref: 006BCBF3
                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,000000FF,00000000,?,006BC992,?,?,?,?,?,00000000,?,?,?), ref: 006BCC0A
                                                                                                    Strings
                                                                                                    • %ls -%ls %ls %ls %u, xrefs: 006BCAE3
                                                                                                    • Failed to create embedded pipe name and client token., xrefs: 006BCAA3
                                                                                                    • burn.embedded, xrefs: 006BCADB
                                                                                                    • Failed to process messages from embedded message., xrefs: 006BCBA7
                                                                                                    • Failed to wait for embedded executable: %ls, xrefs: 006BCBC7
                                                                                                    • embedded.cpp, xrefs: 006BCB49
                                                                                                    • Failed to create embedded pipe., xrefs: 006BCACA
                                                                                                    • Failed to wait for embedded process to connect to pipe., xrefs: 006BCB82
                                                                                                    • Failed to create embedded process at path: %ls, xrefs: 006BCB56
                                                                                                    • Failed to allocate embedded command., xrefs: 006BCAF7
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Handle$Process$CloseErrorFileLastNamedPipeWrite$CreateCurrentState$ConnectObjectSingleSleepUuidWaitlstrlen
                                                                                                    • String ID: %ls -%ls %ls %ls %u$Failed to allocate embedded command.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process at path: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$embedded.cpp
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,msi.dll,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000000,00000000,00000000,?,006D8320,00000001,?), ref: 006D7E56
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,digest,000000FF,002E0069,000000FF,?,006D8320,00000001,?), ref: 006D7E71
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,name,000000FF,002E0069,000000FF,?,006D8320,00000001,?), ref: 006D7E8C
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,algorithm,000000FF,?,000000FF,?,006D8320,00000001,?), ref: 006D7EF8
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,md5,000000FF,?,000000FF,?,006D8320,00000001,?), ref: 006D7F1C
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,sha1,000000FF,?,000000FF,?,006D8320,00000001,?), ref: 006D7F40
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,sha256,000000FF,?,000000FF,?,006D8320,00000001,?), ref: 006D7F60
                                                                                                    • lstrlenW.KERNEL32(006C0064,?,006D8320,00000001,?), ref: 006D7F7B
                                                                                                    Similarity
                                                                                                    • API ID: CompareString$lstrlen
                                                                                                    • String ID: algorithm$apuputil.cpp$digest$http://appsyndication.org/2006/appsyn$md5$msi.dll$name$sha1$sha256
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00699FA3
                                                                                                    Similarity
                                                                                                    • API ID: Open@16
                                                                                                    • String ID: AssignmentType$Failed to change value type.$Failed to copy upgrade code.$Failed to enumerate related products for upgrade code.$Failed to format GUID string.$Failed to get product info.$Failed to set variable.$Language$MsiProductSearch failed: ID '%ls', HRESULT 0x%x$Product or related product not found: %ls$State$Trying per-machine extended info for property '%ls' for product: %ls$Trying per-user extended info for property '%ls' for product: %ls$Unsupported product search type: %u$VersionString
                                                                                                    APIs
                                                                                                    • lstrlenW.KERNEL32(?,?,006B9751,75C08550,?,?,00000000,?,?,?,00000001,00000000,?), ref: 006BDC28
                                                                                                    Strings
                                                                                                    • Failed to create BITS job., xrefs: 006BDCB7
                                                                                                    • Failed to initialize BITS job callback., xrefs: 006BDD49
                                                                                                    • Failed to set credentials for BITS job., xrefs: 006BDCD6
                                                                                                    • Failed to download BITS job., xrefs: 006BDDBF
                                                                                                    • Failed to copy download URL., xrefs: 006BDC6F
                                                                                                    • Invalid BITS engine URL: %ls, xrefs: 006BDC4A
                                                                                                    • bitsengine.cpp, xrefs: 006BDC3E, 006BDD31
                                                                                                    • Failed to add file to BITS job., xrefs: 006BDCF5
                                                                                                    • Failed to create BITS job callback., xrefs: 006BDD3B
                                                                                                    • Failed while waiting for BITS download., xrefs: 006BDDD9
                                                                                                    • Falied to start BITS job., xrefs: 006BDDE0
                                                                                                    • Failed to set callback interface for BITS job., xrefs: 006BDD60
                                                                                                    • Failed to complete BITS job., xrefs: 006BDDD2
                                                                                                    Similarity
                                                                                                    • API ID: lstrlen
                                                                                                    • String ID: Failed to add file to BITS job.$Failed to complete BITS job.$Failed to copy download URL.$Failed to create BITS job callback.$Failed to create BITS job.$Failed to download BITS job.$Failed to initialize BITS job callback.$Failed to set callback interface for BITS job.$Failed to set credentials for BITS job.$Failed while waiting for BITS download.$Falied to start BITS job.$Invalid BITS engine URL: %ls$bitsengine.cpp
                                                                                                    APIs
                                                                                                    • SysFreeString.OLEAUT32(?), ref: 0069ED40
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • SysFreeString.OLEAUT32(?), ref: 0069ECF8
                                                                                                    Strings
                                                                                                    • Failed to select software tag nodes., xrefs: 0069EBE2
                                                                                                    • Failed to get @Path., xrefs: 0069ED89
                                                                                                    • Regid, xrefs: 0069EC8E
                                                                                                    • Failed to get SoftwareTag text., xrefs: 0069ED7F
                                                                                                    • Failed to get software tag count., xrefs: 0069EC07
                                                                                                    • Failed to get @Filename., xrefs: 0069ED9D
                                                                                                    • registration.cpp, xrefs: 0069EC35
                                                                                                    • Failed to convert SoftwareTag text to UTF-8, xrefs: 0069ED75
                                                                                                    • Failed to get next node., xrefs: 0069EDA7
                                                                                                    • Filename, xrefs: 0069EC73
                                                                                                    • Failed to get @Regid., xrefs: 0069ED93
                                                                                                    • Path, xrefs: 0069ECA6
                                                                                                    • SoftwareTag, xrefs: 0069EBC1
                                                                                                    • Failed to allocate memory for software tag structs., xrefs: 0069EC3F
                                                                                                    Similarity
                                                                                                    • API ID: FreeHeapString$AllocateProcess
                                                                                                    • String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Path.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Path$Regid$SoftwareTag$registration.cpp
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?), ref: 006A498D
                                                                                                    • GetLastError.KERNEL32 ref: 006A499B
                                                                                                    • Sleep.KERNEL32(00000064), ref: 006A49BF
                                                                                                    Similarity
                                                                                                    • API ID: CreateErrorFileLastSleep
                                                                                                    • String ID: Failed to allocate name of parent cache pipe.$Failed to allocate name of parent pipe.$Failed to open companion process with PID: %u$Failed to open parent pipe: %ls$Failed to verify parent pipe: %ls$\\.\pipe\%ls$\\.\pipe\%ls.Cache$feclient.dll$pipe.cpp
                                                                                                    • API String ID: 408151869-3212458075
                                                                                                    APIs
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,006A0348,InstallerVersion,InstallerVersion,00000000,006A0348,InstallerName,InstallerName,00000000,006A0348,Date,InstalledDate,00000000,006A0348,LogonUser), ref: 0069F5BE
                                                                                                      • Part of subcall function 006D1392: RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,0069F1C2,00000000,?,00020006), ref: 006D13C5
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CloseValue
                                                                                                    • String ID: Date$Failed to create the key for update registration.$Failed to get the formatted key path for update registration.$Failed to write %ls value.$InstalledBy$InstalledDate$InstallerName$InstallerVersion$LogonUser$PackageName$PackageVersion$Publisher$PublishingGroup$ReleaseType$ThisVersionInstalled
                                                                                                    • API String ID: 3132538880-2703781546
                                                                                                    APIs
                                                                                                    • OpenSCManagerW.ADVAPI32(00000000,00000000,000F003F,?,?,00000000,?,?,?,?,?,?,?,?,006B6CE1,?), ref: 006B67C8
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,006B6CE1,?,?,?), ref: 006B67D5
                                                                                                    • OpenServiceW.ADVAPI32(00000000,wuauserv,00000027,?,?,?,?,?,?,?,?,006B6CE1,?,?,?), ref: 006B681D
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,006B6CE1,?,?,?), ref: 006B6829
                                                                                                    • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,006B6CE1,?,?,?), ref: 006B6863
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,006B6CE1,?,?,?), ref: 006B686D
                                                                                                    • CloseServiceHandle.ADVAPI32(00000000), ref: 006B6924
                                                                                                    • CloseServiceHandle.ADVAPI32(?), ref: 006B692E
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Service$ErrorLast$CloseHandleOpen$ManagerQueryStatus
                                                                                                    • String ID: Failed to mark WU service to start on demand.$Failed to open WU service.$Failed to open service control manager.$Failed to query status of WU service.$Failed to read configuration for WU service.$msuengine.cpp$wuauserv$lk
                                                                                                    • API String ID: 971853308-2572341237
                                                                                                    APIs
                                                                                                    • TlsSetValue.KERNEL32(?,?), ref: 006AE5AE
                                                                                                    • RegisterClassW.USER32(?), ref: 006AE5DA
                                                                                                    • GetLastError.KERNEL32 ref: 006AE5E5
                                                                                                    • CreateWindowExW.USER32(00000080,006E9CC4,00000000,90000000,80000000,00000008,00000000,00000000,00000000,00000000,?,?), ref: 006AE64C
                                                                                                    • GetLastError.KERNEL32 ref: 006AE656
                                                                                                    • UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 006AE6F4
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                                                    • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                                                    • API String ID: 213125376-288575659
                                                                                                    Strings
                                                                                                    • Failed to recreate command-line arguments., xrefs: 006BC7E6
                                                                                                    • Failed to allocate space for burn payload inside of related bundle struct, xrefs: 006BC78A
                                                                                                    • Failed to copy related arguments for passthrough bundle package, xrefs: 006BC825
                                                                                                    • Failed to copy install arguments for passthrough bundle package, xrefs: 006BC805
                                                                                                    • pseudobundle.cpp, xrefs: 006BC54B, 006BC744, 006BC77E
                                                                                                    • Failed to copy key for passthrough pseudo bundle., xrefs: 006BC72B
                                                                                                    • Failed to copy filename for passthrough pseudo bundle., xrefs: 006BC761
                                                                                                    • Failed to allocate space for burn package payload inside of passthrough bundle., xrefs: 006BC557
                                                                                                    • Failed to copy cache id for passthrough pseudo bundle., xrefs: 006BC7A8
                                                                                                    • Failed to copy key for passthrough pseudo bundle payload., xrefs: 006BC768
                                                                                                    • Failed to copy download source for passthrough pseudo bundle., xrefs: 006BC732
                                                                                                    • Failed to copy local source path for passthrough pseudo bundle., xrefs: 006BC75A
                                                                                                    • Failed to copy uninstall arguments for passthrough bundle package, xrefs: 006BC84F
                                                                                                    • Failed to allocate memory for pseudo bundle payload hash., xrefs: 006BC750
                                                                                                    Similarity
                                                                                                    • API ID: Heap$AllocateProcess
                                                                                                    • String ID: Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of passthrough bundle.$Failed to allocate space for burn payload inside of related bundle struct$Failed to copy cache id for passthrough pseudo bundle.$Failed to copy download source for passthrough pseudo bundle.$Failed to copy filename for passthrough pseudo bundle.$Failed to copy install arguments for passthrough bundle package$Failed to copy key for passthrough pseudo bundle payload.$Failed to copy key for passthrough pseudo bundle.$Failed to copy local source path for passthrough pseudo bundle.$Failed to copy related arguments for passthrough bundle package$Failed to copy uninstall arguments for passthrough bundle package$Failed to recreate command-line arguments.$pseudobundle.cpp
                                                                                                    • API String ID: 1357844191-115096447
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0069BB82
                                                                                                    • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000200,00000000,?,00000044,?,?,?,?,?), ref: 0069BC8F
                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 0069BC99
                                                                                                    • WaitForInputIdle.USER32(?,?), ref: 0069BCED
                                                                                                    • CloseHandle.KERNEL32(?,?,?), ref: 0069BD38
                                                                                                    • CloseHandle.KERNEL32(?,?,?), ref: 0069BD45
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle$CreateErrorIdleInputLastOpen@16ProcessWait
                                                                                                    • String ID: "%ls"$"%ls" %s$D$Failed to CreateProcess on path: %ls$Failed to create executable command.$Failed to create obfuscated executable command.$Failed to format argument string.$Failed to format obfuscated argument string.$approvedexe.cpp
                                                                                                    • API String ID: 155678114-2737401750
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000000,00000000,?,0069B9F7,00000008,?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 0069B10E
                                                                                                    • GetLastError.KERNEL32(?,0069B9F7,00000008,?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 0069B11A
                                                                                                    • _memcmp.LIBVCRUNTIME ref: 0069B1C2
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ErrorHandleLastModule_memcmp
                                                                                                    • String ID: .wix$.wixburn$Bundle guid didn't match the guid in the PE Header in memory.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get module handle to process.$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$burn$section.cpp
                                                                                                    • API String ID: 3888311042-926796631
                                                                                                    Strings
                                                                                                    • %ls;%ls, xrefs: 006A2EDE
                                                                                                    • Failed to create string array from ancestors., xrefs: 006A2E1A
                                                                                                    • Failed to create dictionary from ancestors array., xrefs: 006A2E46
                                                                                                    • Failed to add the package provider key "%ls" to the planned list., xrefs: 006A3107
                                                                                                    • plan.cpp, xrefs: 006A311D
                                                                                                    • feclient.dll, xrefs: 006A30BB
                                                                                                    • Failed to copy self to related bundle ancestors., xrefs: 006A312E
                                                                                                    • crypt32.dll, xrefs: 006A2E0E
                                                                                                    • Failed to lookup the bundle ID in the ancestors dictionary., xrefs: 006A30F0
                                                                                                    • Unexpected relation type encountered during plan: %d, xrefs: 006A30FE
                                                                                                    • Failed to copy ancestors and self to related bundle ancestors., xrefs: 006A2EF6
                                                                                                    • UX aborted plan related bundle., xrefs: 006A3127
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: %ls;%ls$Failed to add the package provider key "%ls" to the planned list.$Failed to copy ancestors and self to related bundle ancestors.$Failed to copy self to related bundle ancestors.$Failed to create dictionary from ancestors array.$Failed to create string array from ancestors.$Failed to lookup the bundle ID in the ancestors dictionary.$UX aborted plan related bundle.$Unexpected relation type encountered during plan: %d$crypt32.dll$feclient.dll$plan.cpp
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0069A1A8
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0069A204
                                                                                                    • RegQueryValueExW.ADVAPI32(000002C0,00000000,00000000,000002C0,00000000,00000000,000002C0,?,00000000,00000000,?,00000000,00000101,000002C0,000002C0,?), ref: 0069A226
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000000,000002C0,00000100,00000000,000002C0), ref: 0069A300
                                                                                                    Strings
                                                                                                    • RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 0069A2D8
                                                                                                    • Failed to format value string., xrefs: 0069A20F
                                                                                                    • Failed to set variable., xrefs: 0069A2B8
                                                                                                    • search.cpp, xrefs: 0069A25B
                                                                                                    • Failed to open registry key. Key = '%ls', xrefs: 0069A2C2
                                                                                                    • Registry value not found. Key = '%ls', Value = '%ls', xrefs: 0069A275
                                                                                                    • Registry key not found. Key = '%ls', xrefs: 0069A291
                                                                                                    • Failed to format key string., xrefs: 0069A1B3
                                                                                                    • Failed to query registry key value., xrefs: 0069A265
                                                                                                    Similarity
                                                                                                    • API ID: Open@16$CloseQueryValue
                                                                                                    • String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$search.cpp
                                                                                                    APIs
                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,ntdll,?), ref: 00696835
                                                                                                    • GetLastError.KERNEL32 ref: 0069683F
                                                                                                    • GetProcAddress.KERNEL32(?,RtlGetVersion), ref: 00696882
                                                                                                    • GetLastError.KERNEL32 ref: 0069688C
                                                                                                    • FreeLibrary.KERNEL32(00000000,00000000,?), ref: 0069699D
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$AddressFreeHandleLibraryModuleProc
                                                                                                    • String ID: Failed to get OS info.$Failed to locate NTDLL.$Failed to locate RtlGetVersion.$Failed to set variant value.$RtlGetVersion$ntdll$variable.cpp
                                                                                                    APIs
                                                                                                    • TlsAlloc.KERNEL32(?,00000001,00000001,00000000,00000000,?,?,?,0069535E,?,?,?,?), ref: 0069481A
                                                                                                    • GetLastError.KERNEL32(?,?,?,0069535E,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0069482B
                                                                                                    • ReleaseMutex.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00694968
                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,0069535E,?,?,?,?,?,?,?,?,?,?,?), ref: 00694971
                                                                                                    Strings
                                                                                                    • Failed to create the message window., xrefs: 006948C6
                                                                                                    • engine.cpp, xrefs: 0069484F, 00694898
                                                                                                    • Failed to set elevated pipe into thread local storage for logging., xrefs: 006948A2
                                                                                                    • comres.dll, xrefs: 006948D7
                                                                                                    • Failed to connect to unelevated process., xrefs: 00694810
                                                                                                    • Failed to pump messages from parent process., xrefs: 0069493C
                                                                                                    • Failed to allocate thread local storage for logging., xrefs: 00694859
                                                                                                    Similarity
                                                                                                    • API ID: AllocCloseErrorHandleLastMutexRelease
                                                                                                    • String ID: Failed to allocate thread local storage for logging.$Failed to connect to unelevated process.$Failed to create the message window.$Failed to pump messages from parent process.$Failed to set elevated pipe into thread local storage for logging.$comres.dll$engine.cpp
                                                                                                    APIs
                                                                                                    • GetTempPathW.KERNEL32(00000104,?,?,00000000,crypt32.dll), ref: 006A3A51
                                                                                                    • GetLastError.KERNEL32(?,00000000,crypt32.dll), ref: 006A3A5B
                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,00000104,?,?,00000000,crypt32.dll), ref: 006A3AC4
                                                                                                    • ProcessIdToSessionId.KERNEL32(00000000,?,00000000,crypt32.dll), ref: 006A3ACB
                                                                                                    Strings
                                                                                                    • Failed to get temp folder., xrefs: 006A3A89
                                                                                                    • Failed to format session id as a string., xrefs: 006A3AF9
                                                                                                    • Failed to get length of temp folder., xrefs: 006A3AB5
                                                                                                    • Failed to copy temp folder., xrefs: 006A3B7A
                                                                                                    • crypt32.dll, xrefs: 006A3A10
                                                                                                    • %u\, xrefs: 006A3AE5
                                                                                                    • logging.cpp, xrefs: 006A3A7F
                                                                                                    • Failed to get length of session id string., xrefs: 006A3B1D
                                                                                                    Similarity
                                                                                                    • API ID: Process$CurrentErrorLastPathSessionTemp
                                                                                                    • String ID: %u\$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get length of temp folder.$Failed to get temp folder.$crypt32.dll$logging.cpp
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,000000B9,00000002,?,00000000,00000000), ref: 00697E99
                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?), ref: 006980C1
                                                                                                    Strings
                                                                                                    • Failed to write literal flag., xrefs: 0069809A
                                                                                                    • Failed to write variable count., xrefs: 00697EB4
                                                                                                    • feclient.dll, xrefs: 00697F74, 00697FCA, 0069800B
                                                                                                    • Failed to write variable name., xrefs: 006980A8
                                                                                                    • Failed to get string., xrefs: 0069808C
                                                                                                    • Failed to write included flag., xrefs: 006980AF
                                                                                                    • Failed to write variable value as number., xrefs: 0069806B
                                                                                                    • Unsupported variable type., xrefs: 0069807E
                                                                                                    • Failed to write variable value as string., xrefs: 00698085
                                                                                                    • Failed to write variable value type., xrefs: 006980A1
                                                                                                    • Failed to get version., xrefs: 00698072
                                                                                                    • Failed to get numeric., xrefs: 00698093
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: Failed to get numeric.$Failed to get string.$Failed to get version.$Failed to write included flag.$Failed to write literal flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.$feclient.dll
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,label,000000FF,?,?,?,7591DFD0,?,006D7172,?,?), ref: 006D6C4C
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D6CB7
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D6D2F
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D6D71
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: String$Free$Compare
                                                                                                    • String ID: feclient.dll$label$rqm$rqm$scheme$term
                                                                                                    APIs
                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000001,00000000,00000000), ref: 006D0234
                                                                                                    • GetComputerNameW.KERNEL32(?,?), ref: 006D028C
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Name$ComputerFileModule
                                                                                                    • String ID: --- logging level: %hs ---$8bo$=== Logging started: %ls ===$@bo$Computer : %ls$Executable: %ls v%d.%d.%d.%d$Hbo$Tbo$\bo$dbo
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,006AA63D,?,00000000,?,?,006BB049), ref: 006A95C7
                                                                                                    • GetLastError.KERNEL32(?,006AA63D,?,00000000,?,?,006BB049,?,00000000,?,00000000,?,?,006BB049,?), ref: 006A95D7
                                                                                                    • CloseHandle.KERNEL32(?,006BB049,00000001,00000003,000007D0,?,?,006BB049,?), ref: 006A96E4
                                                                                                    Strings
                                                                                                    • %ls payload from working path '%ls' to path '%ls', xrefs: 006A968F
                                                                                                    • cache.cpp, xrefs: 006A95FB
                                                                                                    • Failed to verify payload hash: %ls, xrefs: 006A966F
                                                                                                    • Failed to verify payload signature: %ls, xrefs: 006A9632
                                                                                                    • Moving, xrefs: 006A9686, 006A968E
                                                                                                    • Failed to move %ls to %ls, xrefs: 006A96BC
                                                                                                    • Failed to open payload in working path: %ls, xrefs: 006A9606
                                                                                                    • Copying, xrefs: 006A9679
                                                                                                    • Failed to copy %ls to %ls, xrefs: 006A96D2
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateErrorFileHandleLast
                                                                                                    • String ID: %ls payload from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$cache.cpp
                                                                                                    APIs
                                                                                                    • SetEvent.KERNEL32(006DB468,=Si,00000000,?,0069C06D,=Si,006952B5,00000000,?,006A763B,?,00695565,00695371,00695371,00000000,?), ref: 006B135E
                                                                                                    • GetLastError.KERNEL32(?,0069C06D,=Si,006952B5,00000000,?,006A763B,?,00695565,00695371,00695371,00000000,?,00695381,FFF9E89D,00695381), ref: 006B1368
                                                                                                    • WaitForSingleObject.KERNEL32(006DB478,000000FF,?,0069C06D,=Si,006952B5,00000000,?,006A763B,?,00695565,00695371,00695371,00000000,?,00695381), ref: 006B13A2
                                                                                                    • GetLastError.KERNEL32(?,0069C06D,=Si,006952B5,00000000,?,006A763B,?,00695565,00695371,00695371,00000000,?,00695381,FFF9E89D,00695381), ref: 006B13AC
                                                                                                    • CloseHandle.KERNEL32(00000000,00695381,=Si,00000000,?,0069C06D,=Si,006952B5,00000000,?,006A763B,?,00695565,00695371,00695371,00000000), ref: 006B13F7
                                                                                                    • CloseHandle.KERNEL32(00000000,00695381,=Si,00000000,?,0069C06D,=Si,006952B5,00000000,?,006A763B,?,00695565,00695371,00695371,00000000), ref: 006B1406
                                                                                                    • CloseHandle.KERNEL32(00000000,00695381,=Si,00000000,?,0069C06D,=Si,006952B5,00000000,?,006A763B,?,00695565,00695371,00695371,00000000), ref: 006B1415
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle$ErrorLast$EventObjectSingleWait
                                                                                                    • String ID: =Si$=Si$Failed to set begin operation event.$Failed to wait for thread to terminate.$cabextract.cpp
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(00000001,?,00000000,0069533D,00000000,00000001), ref: 00696C6E
                                                                                                      • Part of subcall function 006955B6: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,00000000,00000007,0069648B,0069648B,?,0069554A,?,?,00000000), ref: 006955F2
                                                                                                      • Part of subcall function 006955B6: GetLastError.KERNEL32(?,0069554A,?,?,00000000,?,00000000,0069648B,?,00697DDC,?,?,?,?,?), ref: 00695621
                                                                                                    • LeaveCriticalSection.KERNEL32(00000001,?,00000001), ref: 00696E02
                                                                                                    Strings
                                                                                                    • Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 00696E14
                                                                                                    • variable.cpp, xrefs: 00696CF1
                                                                                                    • Setting numeric variable '%ls' to value %lld, xrefs: 00696DA3
                                                                                                    • Failed to insert variable '%ls'., xrefs: 00696CB3
                                                                                                    • Setting string variable '%ls' to value '%ls', xrefs: 00696D96
                                                                                                    • Failed to find variable value '%ls'., xrefs: 00696C89
                                                                                                    • Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 00696D79
                                                                                                    • Setting hidden variable '%ls', xrefs: 00696D2C
                                                                                                    • Attempt to set built-in variable value: %ls, xrefs: 00696CFC
                                                                                                    • Failed to set value of variable: %ls, xrefs: 00696DEA
                                                                                                    • Unsetting variable '%ls', xrefs: 00696DBE
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$CompareEnterErrorLastLeaveString
                                                                                                    • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(00000000,00000001,006C0064,000000FF,002C002B,000000FF,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 006A2ACD
                                                                                                    Strings
                                                                                                    • wininet.dll, xrefs: 006A2D1E
                                                                                                    • crypt32.dll, xrefs: 006A2B18, 006A2C16, 006A2D0B, 006A2D80
                                                                                                    • Failed to create the string dictionary., xrefs: 006A2B06
                                                                                                    • Failed to add dependent bundle provider key to ignore dependents., xrefs: 006A2C37
                                                                                                    • Failed to allocate registration action., xrefs: 006A2B36
                                                                                                    • Failed to check for remaining dependents during planning., xrefs: 006A2C73
                                                                                                    • Failed to add self-dependent to ignore dependents., xrefs: 006A2B51
                                                                                                    • Failed to add registration action for dependent related bundle., xrefs: 006A2DD5
                                                                                                    • Failed to add dependents ignored from command-line., xrefs: 006A2B82
                                                                                                    • Failed to add registration action for self dependent., xrefs: 006A2D9E
                                                                                                    Similarity
                                                                                                    • API ID: CompareString
                                                                                                    • String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.$crypt32.dll$wininet.dll
                                                                                                    APIs
                                                                                                    • IsWindow.USER32(?), ref: 00694B5E
                                                                                                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00694B6F
                                                                                                    Strings
                                                                                                    • Failed to create the message window., xrefs: 00694A92
                                                                                                    • Failed to open log., xrefs: 00694A12
                                                                                                    • WixBundleLayoutDirectory, xrefs: 00694AEF
                                                                                                    • Failed while running , xrefs: 00694B24
                                                                                                    • Failed to check global conditions, xrefs: 00694A43
                                                                                                    • Failed to set action variables., xrefs: 00694ABE
                                                                                                    • Failed to set registration variables., xrefs: 00694AD8
                                                                                                    • Failed to query registration., xrefs: 00694AA8
                                                                                                    • Failed to set layout directory variable to value provided from command-line., xrefs: 00694B00
                                                                                                    Similarity
                                                                                                    • API ID: MessagePostWindow
                                                                                                    • String ID: Failed to check global conditions$Failed to create the message window.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,?,000000FF,00695381,?,006952B5,00000000,00695381,FFF9E89D,00695381,006953B5,0069533D,?), ref: 0069CB15
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CompareString
                                                                                                    • String ID: =Si$=Si$Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                    APIs
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • EnterCriticalSection.KERNEL32(?,00000014,00000001), ref: 006AEE1B
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 006AEF48
                                                                                                    Strings
                                                                                                    • UX requested unknown approved exe with id: %ls, xrefs: 006AEE7B
                                                                                                    • Failed to post launch approved exe message., xrefs: 006AEF33
                                                                                                    • Failed to copy the id., xrefs: 006AEEAD
                                                                                                    • EngineForApplication.cpp, xrefs: 006AEF29
                                                                                                    • Failed to copy the arguments., xrefs: 006AEEDA
                                                                                                    • Engine is active, cannot change engine state., xrefs: 006AEE36
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalHeapSection$AllocateEnterLeaveProcess
                                                                                                    • String ID: Engine is active, cannot change engine state.$EngineForApplication.cpp$Failed to copy the arguments.$Failed to copy the id.$Failed to post launch approved exe message.$UX requested unknown approved exe with id: %ls
                                                                                                    • API String ID: 1367039788-528931743
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,006AA5CE,?,00000000,?,?,006BB041), ref: 006A94B1
                                                                                                    • GetLastError.KERNEL32(?,006AA5CE,?,00000000,?,?,006BB041,?,00000000,?,00000000,?,?,006BB041,?), ref: 006A94BF
                                                                                                    • CloseHandle.KERNEL32(?,006BB041,00000001,00000003,000007D0,?,?,006BB041,?), ref: 006A959E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateErrorFileHandleLast
                                                                                                    • String ID: %ls container from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$cache.cpp
                                                                                                    • API String ID: 2528220319-1187406825
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00696E89
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00697095
                                                                                                    Strings
                                                                                                    • Failed to read variable name., xrefs: 0069707E
                                                                                                    • Failed to set variable., xrefs: 00697069
                                                                                                    • Failed to read variable count., xrefs: 00696EA9
                                                                                                    • Failed to read variable literal flag., xrefs: 00697070
                                                                                                    • Failed to set variable value., xrefs: 00697048
                                                                                                    • Unsupported variable type., xrefs: 0069705B
                                                                                                    • Failed to read variable value type., xrefs: 00697077
                                                                                                    • Failed to read variable value as number., xrefs: 0069704F
                                                                                                    • Failed to read variable value as string., xrefs: 00697062
                                                                                                    • Failed to read variable included flag., xrefs: 00697085
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: Failed to read variable count.$Failed to read variable included flag.$Failed to read variable literal flag.$Failed to read variable name.$Failed to read variable value as number.$Failed to read variable value as string.$Failed to read variable value type.$Failed to set variable value.$Failed to set variable.$Unsupported variable type.
                                                                                                    • API String ID: 3168844106-528957463
                                                                                                    APIs
                                                                                                      • Part of subcall function 006A3955: RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,006A3E61,feclient.dll,?,00000000,?,?,?,00694A0C), ref: 006A39F1
                                                                                                    • Sleep.KERNEL32(000007D0,00000001,feclient.dll,?,00000000,?,?,?,00694A0C,?,?,006DB478,?,00000001,00000000,00000000), ref: 006A3EF8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseSleep
                                                                                                    • String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$crypt32.dll$feclient.dll$log$msasn1.dll
                                                                                                    • API String ID: 2834455192-2618302845
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000080,00000000,?,?,00000000,?,00000000,?,?,?), ref: 006D4425
                                                                                                    • GetLastError.KERNEL32 ref: 006D443B
                                                                                                    • GetFileSizeEx.KERNEL32(00000000,?), ref: 006D4486
                                                                                                    • GetLastError.KERNEL32 ref: 006D4490
                                                                                                    • CloseHandle.KERNEL32(?), ref: 006D4650
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLast$CloseCreateHandleSize
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 3555958901-2967768451
                                                                                                    APIs
                                                                                                    • UuidCreate.RPCRT4(?), ref: 006A4BC9
                                                                                                    • StringFromGUID2.OLE32(?,?,00000027), ref: 006A4BF8
                                                                                                    • UuidCreate.RPCRT4(?), ref: 006A4C43
                                                                                                    • StringFromGUID2.OLE32(?,?,00000027), ref: 006A4C6F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateFromStringUuid
                                                                                                    • String ID: BurnPipe.%s$Failed to allocate pipe name.$Failed to allocate pipe secret.$Failed to convert pipe guid into string.$Failed to create pipe guid.$pipe.cpp
                                                                                                    • API String ID: 4041566446-2510341293
                                                                                                    APIs
                                                                                                    • GetSystemTime.KERNEL32(?), ref: 00695F3F
                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,00000000,00000000), ref: 00695F53
                                                                                                    • GetLastError.KERNEL32 ref: 00695F65
                                                                                                    • GetDateFormatW.KERNEL32(00000400,00000001,?,00000000,?,00000000,?,00000000), ref: 00695FB8
                                                                                                    • GetLastError.KERNEL32 ref: 00695FC2
                                                                                                    Strings
                                                                                                    • Failed to get the Date., xrefs: 00695FE6
                                                                                                    • Failed to allocate the buffer for the Date., xrefs: 00695FA0
                                                                                                    • variable.cpp, xrefs: 00695F7F, 00695FDC
                                                                                                    • Failed to set variant value., xrefs: 00695FFF
                                                                                                    • Failed to get the required buffer length for the Date., xrefs: 00695F89
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DateErrorFormatLast$SystemTime
                                                                                                    • String ID: Failed to allocate the buffer for the Date.$Failed to get the Date.$Failed to get the required buffer length for the Date.$Failed to set variant value.$variable.cpp
                                                                                                    • API String ID: 2700948981-3682088697
                                                                                                    APIs
                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00695386,?,?), ref: 006AE84A
                                                                                                    • GetLastError.KERNEL32(?,00695386,?,?), ref: 006AE857
                                                                                                    • CreateThread.KERNEL32(00000000,00000000,006AE563,?,00000000,00000000), ref: 006AE8B0
                                                                                                    • GetLastError.KERNEL32(?,00695386,?,?), ref: 006AE8BD
                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,00695386,?,?), ref: 006AE8F8
                                                                                                    • CloseHandle.KERNEL32(00000000,?,00695386,?,?), ref: 006AE917
                                                                                                    • CloseHandle.KERNEL32(?,?,00695386,?,?), ref: 006AE924
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                    • String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                                                    • API String ID: 2351989216-3599963359
                                                                                                    APIs
                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,00000000,?,?,00695386,?,?), ref: 006AE415
                                                                                                    • GetLastError.KERNEL32(?,?,00695386,?,?), ref: 006AE422
                                                                                                    • CreateThread.KERNEL32(00000000,00000000,006AE177,00000000,00000000,00000000), ref: 006AE481
                                                                                                    • GetLastError.KERNEL32(?,?,00695386,?,?), ref: 006AE48E
                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,00695386,?,?), ref: 006AE4C9
                                                                                                    • CloseHandle.KERNEL32(?,?,?,00695386,?,?), ref: 006AE4DD
                                                                                                    • CloseHandle.KERNEL32(?,?,?,00695386,?,?), ref: 006AE4EA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
                                                                                                    • String ID: Failed to create UI thread.$Failed to create modal event.$splashscreen.cpp
                                                                                                    • API String ID: 2351989216-1977201954
                                                                                                    • Opcode ID: 508ddbe9978cc63d25e80c050b8bf141944d89129c8d6f3f8d414bd92fcb5f71
                                                                                                    • Instruction ID: 9d4ea7a0aea804d43215ad93caeeb00de02de0a722d990e125be403f303911eb
                                                                                                    • Opcode Fuzzy Hash: 508ddbe9978cc63d25e80c050b8bf141944d89129c8d6f3f8d414bd92fcb5f71
                                                                                                    • Instruction Fuzzy Hash: 8F318171D01319BBEB10ABAADC05AAFBBFAEF49710F11412BFD14E2250D6314E018EA0
                                                                                                    APIs
                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,75922F60,?,?,006952FD,006952B5,00000000,0069533D), ref: 006B1249
                                                                                                    • GetLastError.KERNEL32 ref: 006B125C
                                                                                                    • GetExitCodeThread.KERNEL32(006DB478,?), ref: 006B129E
                                                                                                    • GetLastError.KERNEL32 ref: 006B12AC
                                                                                                    • ResetEvent.KERNEL32(006DB450), ref: 006B12E7
                                                                                                    • GetLastError.KERNEL32 ref: 006B12F1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                                                    • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                                                    • API String ID: 2979751695-3400260300
                                                                                                    • Opcode ID: 223290297be2e100f1b99705adcff529e72d4d11d440278b7f766fb9679206cc
                                                                                                    • Instruction ID: 89471910f83a4553f12225288cfedde12d6200b1c09eb5e2c05dcb43e48cea57
                                                                                                    • Opcode Fuzzy Hash: 223290297be2e100f1b99705adcff529e72d4d11d440278b7f766fb9679206cc
                                                                                                    • Instruction Fuzzy Hash: 2721E3B1B01304FFEB149BB69D15ABE77EAEB05700F40412FB846DA2A0E730DA409B14
                                                                                                    APIs
                                                                                                    • LoadLibraryW.KERNEL32(E42EB675,00000000,?,006946F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00695386,?,?), ref: 0069D5CD
                                                                                                    • GetLastError.KERNEL32(?,006946F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00695386,?,?), ref: 0069D5DA
                                                                                                    • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 0069D612
                                                                                                    • GetLastError.KERNEL32(?,006946F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00695386,?,?), ref: 0069D61E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                    • String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp$wininet.dll
                                                                                                    • API String ID: 1866314245-1140179540
                                                                                                    • Opcode ID: eca2f2f27eff47b404c52bccd1fae4d6385e0c660c0cf8b2f97a049be9728fa9
                                                                                                    • Instruction ID: 618c37696513e6d4cfd8fc3d740c066d48648c665054c9883c3665c86d07ef07
                                                                                                    • Opcode Fuzzy Hash: eca2f2f27eff47b404c52bccd1fae4d6385e0c660c0cf8b2f97a049be9728fa9
                                                                                                    • Instruction Fuzzy Hash: 7711A332E41721ABEB215BA99C05B6B37DADF05750F02413BFD0AE7B90DA20CC0086E5
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,?,00000000,00000000,00000003,00000000,00000000), ref: 006A9297
                                                                                                    • GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,000007D0,00000001), ref: 006A92BB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast
                                                                                                    • String ID: $$0$Could not close verify handle.$Could not verify file %ls.$Failed to allocate memory$Failed to allocate string.$Failed to encode file hash.$Failed to get file hash.$cache.cpp
                                                                                                    • API String ID: 1452528299-4263581490
                                                                                                    • Opcode ID: 4a32522ddcfaac3a606767dd1ba185c8a8dacde0936d00d9be2d9f085e6b45fc
                                                                                                    • Instruction ID: 956b2165007ccefe52ada62e7a0678aa9f8fe354f35d1e1f02130c7c223a75f7
                                                                                                    • Opcode Fuzzy Hash: 4a32522ddcfaac3a606767dd1ba185c8a8dacde0936d00d9be2d9f085e6b45fc
                                                                                                    • Instruction Fuzzy Hash: FE716271D00329AADF11EBA9CC41BEEB7F9EF09310F21412AE915F7291E7749D018BA4
                                                                                                    APIs
                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 006AE326
                                                                                                    • DefWindowProcW.USER32(?,00000082,?,?), ref: 006AE364
                                                                                                    • SetWindowLongW.USER32(?,000000EB,00000000), ref: 006AE371
                                                                                                    • SetWindowLongW.USER32(?,000000EB,?), ref: 006AE380
                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 006AE38E
                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 006AE39A
                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 006AE3AB
                                                                                                    • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 006AE3CD
                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 006AE3D5
                                                                                                    • DeleteDC.GDI32(00000000), ref: 006AE3D8
                                                                                                    • PostQuitMessage.USER32(00000000), ref: 006AE3E6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Window$Long$ObjectProcSelect$CompatibleCreateDeleteMessagePostQuitStretch
                                                                                                    • String ID:
                                                                                                    • API String ID: 409979828-0
                                                                                                    • Opcode ID: 4efdebd930c5424d51721750e02bb8e6c67f6213ea32448528b6062f14be9894
                                                                                                    • Instruction ID: 4b3bb6c2a9f2513e815406369662e985b2c5baa3c92fff98d67aed2d7681e1fa
                                                                                                    • Opcode Fuzzy Hash: 4efdebd930c5424d51721750e02bb8e6c67f6213ea32448528b6062f14be9894
                                                                                                    • Instruction Fuzzy Hash: 20217A32500108FFCF156F699C4CE7B3FAAEF4A321B165519F616972A0DB328C10AB61
                                                                                                    Strings
                                                                                                    • WixBundleLastUsedSource, xrefs: 006A9F9D
                                                                                                    • Failed to copy source path., xrefs: 006AA113
                                                                                                    • Failed to combine layout source with source., xrefs: 006AA0A0
                                                                                                    • Failed to get current process directory., xrefs: 006A9FEF
                                                                                                    • WixBundleLayoutDirectory, xrefs: 006AA068
                                                                                                    • Failed to combine last source with source., xrefs: 006AA00C
                                                                                                    • Failed to get bundle layout directory property., xrefs: 006AA083
                                                                                                    • WixBundleOriginalSource, xrefs: 006A9FB3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Find$CloseFileFirstlstrlen
                                                                                                    • String ID: Failed to combine last source with source.$Failed to combine layout source with source.$Failed to copy source path.$Failed to get bundle layout directory property.$Failed to get current process directory.$WixBundleLastUsedSource$WixBundleLayoutDirectory$WixBundleOriginalSource
                                                                                                    • API String ID: 2767606509-3003062821
                                                                                                    • Opcode ID: 026be7594b21b01747f5e3aabfbe14d73e8a7f2930968fdc1ae0633a0284da3e
                                                                                                    • Instruction ID: 38040ed0196fdc2ad8af90d5c22c1adc2de5bfe0c4b15f83cf0707e6eaea87ea
                                                                                                    • Opcode Fuzzy Hash: 026be7594b21b01747f5e3aabfbe14d73e8a7f2930968fdc1ae0633a0284da3e
                                                                                                    • Instruction Fuzzy Hash: AA713A71D00219AEDF12EFE8D841AFEBBBAAF09714F11012AF901F6250D7759D41CB66
                                                                                                    APIs
                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,00000000,00000040,00000000,00000000), ref: 006930C7
                                                                                                    • GetLastError.KERNEL32 ref: 006930D1
                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00693129
                                                                                                    • GetLastError.KERNEL32 ref: 00693133
                                                                                                    • GetFullPathNameW.KERNEL32(00000000,00000040,00000000,00000000,00000000,00000040,00000000,00000000), ref: 006931EC
                                                                                                    • GetLastError.KERNEL32 ref: 006931F6
                                                                                                    • GetFullPathNameW.KERNEL32(00000000,00000007,00000000,00000000,00000000,00000007), ref: 0069324D
                                                                                                    • GetLastError.KERNEL32 ref: 00693257
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$EnvironmentExpandFullNamePathStrings
                                                                                                    • String ID: pathutil.cpp
                                                                                                    • API String ID: 1547313835-741606033
                                                                                                    • Opcode ID: acc37d6fecf9f55ff5e505b205c3f1a8a08fe625c8cb680ba12a0d8e7a197c1b
                                                                                                    • Instruction ID: 8d6aa64f1c4e56ca79d398a79c71393d6b92ea4e3dc2e0fb21753625c6f49cc0
                                                                                                    • Opcode Fuzzy Hash: acc37d6fecf9f55ff5e505b205c3f1a8a08fe625c8cb680ba12a0d8e7a197c1b
                                                                                                    • Instruction Fuzzy Hash: 6D618F32E00239ABDF219BA58C49BEE7BEEEB44750F124166ED15E7650E734CF009B94
                                                                                                    APIs
                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000001,00000000,00000000), ref: 00692E7A
                                                                                                    • GetLastError.KERNEL32 ref: 00692E84
                                                                                                    • GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00692F1F
                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 00692FAD
                                                                                                    • GetLastError.KERNEL32 ref: 00692FBA
                                                                                                    • Sleep.KERNEL32(00000064), ref: 00692FCC
                                                                                                    • CloseHandle.KERNEL32(?), ref: 0069302C
                                                                                                    Strings
                                                                                                    • pathutil.cpp, xrefs: 00692EA8
                                                                                                    • %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 00692F7D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime
                                                                                                    • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
                                                                                                    • API String ID: 3480017824-1101990113
                                                                                                    • Opcode ID: 203b9922ea02acecb14b40ec4bb8617235607b9dbc4781e840258a3b4e1b415c
                                                                                                    • Instruction ID: 0506b28100035325a3b457a7cdf593d64c9d48019dd0ad9204d62c80317cc0ae
                                                                                                    • Opcode Fuzzy Hash: 203b9922ea02acecb14b40ec4bb8617235607b9dbc4781e840258a3b4e1b415c
                                                                                                    • Instruction Fuzzy Hash: CD713572D41229BBDF709FA4DC48BEAB7FEAB08750F010196F905E7690D7749E818B60
                                                                                                    APIs
                                                                                                    • PeekMessageW.USER32(00000000,00000000,00000400,00000400,00000000), ref: 006946B5
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 006946BB
                                                                                                      • Part of subcall function 006AFC51: new.LIBCMT ref: 006AFC58
                                                                                                    • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00694749
                                                                                                    Strings
                                                                                                    • wininet.dll, xrefs: 006946E8
                                                                                                    • Unexpected return value from message pump., xrefs: 0069479F
                                                                                                    • engine.cpp, xrefs: 00694795
                                                                                                    • Failed to load UX., xrefs: 006946FE
                                                                                                    • Failed to create engine for UX., xrefs: 006946D5
                                                                                                    • Failed to start bootstrapper application., xrefs: 00694717
                                                                                                    Similarity
                                                                                                    • API ID: Message$CurrentPeekThread
                                                                                                    • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp$wininet.dll
                                                                                                    • API String ID: 673430819-2573580774
                                                                                                    • Opcode ID: 536be22ec91006322483f13949d24bae282db2a891c18a10446c453b82f8baec
                                                                                                    • Instruction ID: bc75c40b8ed3835279e7eec2613cdb149baac0db6e9e98314baf2cc7f3b328df
                                                                                                    • Opcode Fuzzy Hash: 536be22ec91006322483f13949d24bae282db2a891c18a10446c453b82f8baec
                                                                                                    • Instruction Fuzzy Hash: D741A371A00119BFEF159BE4CC85EBAB7AEEF05714F11012AF905EB640DF21ED0687A5
                                                                                                    APIs
                                                                                                    • LocalFree.KERNEL32(00000000,?,00000001,80000005,?,00000000,00000000,00000000,00000003,000007D0), ref: 006A8E01
                                                                                                    Strings
                                                                                                    • Failed to create ACL to secure cache path: %ls, xrefs: 006A8DB7
                                                                                                    • cache.cpp, xrefs: 006A8DAC
                                                                                                    • Failed to allocate access for SYSTEM group to path: %ls, xrefs: 006A8D29
                                                                                                    • Failed to secure cache path: %ls, xrefs: 006A8DE4
                                                                                                    • Failed to allocate access for Everyone group to path: %ls, xrefs: 006A8D4A
                                                                                                    • Failed to allocate access for Users group to path: %ls, xrefs: 006A8D6B
                                                                                                    • Failed to allocate access for Administrators group to path: %ls, xrefs: 006A8D08
                                                                                                    Similarity
                                                                                                    • API ID: FreeLocal
                                                                                                    • String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$cache.cpp
                                                                                                    • API String ID: 2826327444-4113288589
                                                                                                    • Opcode ID: a0a5a0d4eed2afe751cd81ed29750ea05a3257bd266c318c9286e3e9ff3a2f6b
                                                                                                    • Instruction ID: 862facba03ae0b2b95aef0dfc275d6b9272dafccf029987cc1a88ada7ae47e65
                                                                                                    • Opcode Fuzzy Hash: a0a5a0d4eed2afe751cd81ed29750ea05a3257bd266c318c9286e3e9ff3a2f6b
                                                                                                    • Instruction Fuzzy Hash: 9241F871E41369BAEB31B6558C45FEB7AAAEF12710F014069FA04BB2C1DE609D44CBA4
                                                                                                    APIs
                                                                                                    • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,006BADE5,?,00000001,00000000), ref: 006B9AE1
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,006BADE5,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 006B9AEB
                                                                                                    • CopyFileExW.KERNEL32(00000000,00000000,006B993C,00000000,00000020,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 006B9B39
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,006BADE5,?,00000001,00000000,00000000,00000000,00000001,00000000), ref: 006B9B68
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLast$AttributesCopy
                                                                                                    • String ID: BA aborted copy of payload from: '%ls' to: %ls.$Failed attempt to copy payload from: '%ls' to: %ls.$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$copy
                                                                                                    • API String ID: 1969131206-836986073
                                                                                                    • Opcode ID: 6628602b8a46ec82b5d1d7ab5571d383a577eacdeb3a9642c9c543d949bb96be
                                                                                                    • Instruction ID: a4575c977d7cc9fc4715fd1f5821a15a45b4d9a2cd5957f519a6f14e19419b88
                                                                                                    • Opcode Fuzzy Hash: 6628602b8a46ec82b5d1d7ab5571d383a577eacdeb3a9642c9c543d949bb96be
                                                                                                    • Instruction Fuzzy Hash: 9331E3B1B41315BBEB109A669C81EFB779FEF00740B11812ABD09DA291E721CD4087F5
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,7591DFD0,000000FF,name,000000FF,7591DFD0,?,7591DFD0,?,7591DFD0), ref: 006D6B2B
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,000000FF,000000FF,email,000000FF), ref: 006D6B48
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D6B86
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D6BCD
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: String$CompareFree
                                                                                                    • String ID: 9qm$email$name$uri
                                                                                                    • API String ID: 3589242889-2839611215
                                                                                                    • Opcode ID: 52a008b8e26dc8d55eeedb349e79a8d7a50f4a9058b7fc70615cd7c15e55b875
                                                                                                    • Instruction ID: b3033a9e6a86df4e4b8fa695da66a719ebeeaf4ac57c3e9f8933c8e7471dbeb3
                                                                                                    • Opcode Fuzzy Hash: 52a008b8e26dc8d55eeedb349e79a8d7a50f4a9058b7fc70615cd7c15e55b875
                                                                                                    • Instruction Fuzzy Hash: D6410E35E05219BBCB11DBA4CC45FEE77B6AB04720F2142A6F911EB390C7319E54DB90
                                                                                                    APIs
                                                                                                    • LoadBitmapW.USER32(?,00000001), ref: 006AE094
                                                                                                    • GetLastError.KERNEL32 ref: 006AE0A0
                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 006AE0E7
                                                                                                    • GetCursorPos.USER32(?), ref: 006AE108
                                                                                                    • MonitorFromPoint.USER32(?,?,00000002), ref: 006AE11A
                                                                                                    • GetMonitorInfoW.USER32(00000000,?), ref: 006AE130
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Monitor$BitmapCursorErrorFromInfoLastLoadObjectPoint
                                                                                                    • String ID: ($Failed to load splash screen bitmap.$splashscreen.cpp
                                                                                                    • API String ID: 2342928100-598475503
                                                                                                    • Opcode ID: 507c24cd0066ab52acfb6fecf55344f77c653c4d45de3ef06c8a5bb631e358a5
                                                                                                    • Instruction ID: 9ec9e408b367f29c750a88105f74d17c5fbf2f73dd20e356348822990a60df1d
                                                                                                    • Opcode Fuzzy Hash: 507c24cd0066ab52acfb6fecf55344f77c653c4d45de3ef06c8a5bb631e358a5
                                                                                                    • Instruction Fuzzy Hash: 7B313F71E01215DFDB10DFB9D945A9EBBF6EF08710F15911AE904EB244EB70D901CBA0
                                                                                                    APIs
                                                                                                      • Part of subcall function 0069CC57: CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,0069E336,000000FF,00000000,00000000,0069E336,?,?,0069DADD,?,?,?,?), ref: 0069CC82
                                                                                                    • CreateFileW.KERNEL32(E9006DBA,80000000,00000005,00000000,00000003,08000000,00000000,006952BD,006DB450,00000000,006953B5,04680A79,?,006952B5,00000000,00695381), ref: 0069C84F
                                                                                                    • GetLastError.KERNEL32(?,?,?,006A75F7,00695565,00695371,00695371,00000000,?,00695381,FFF9E89D,00695381,006953B5,0069533D,?,0069533D), ref: 0069C894
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CompareCreateErrorFileLastString
                                                                                                    • String ID: =Si$=Si$Failed to find payload for catalog file.$Failed to get catalog local file path$Failed to open catalog in working path: %ls$Failed to verify catalog signature: %ls$catalog.cpp
                                                                                                    • API String ID: 1774366664-2901694911
                                                                                                    • Opcode ID: 75fa8e372319705d59386b0bcd3dd5f7f2f4990463ec31c75b302ae9650ec065
                                                                                                    • Instruction ID: d4d8245acc5d1b930102e9ce7cd3fa0e025ba0347ef4631a2c9615ba70cd1d6f
                                                                                                    • Opcode Fuzzy Hash: 75fa8e372319705d59386b0bcd3dd5f7f2f4990463ec31c75b302ae9650ec065
                                                                                                    • Instruction Fuzzy Hash: 8E31E471D40615BFDB109F64CD42F59BBAAEF04720F11812AF909EBA90E770AD509B94
                                                                                                    APIs
                                                                                                    • GetSystemWow64DirectoryW.KERNEL32(?,00000104), ref: 006964F7
                                                                                                    • GetLastError.KERNEL32 ref: 00696505
                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00696546
                                                                                                    • GetLastError.KERNEL32 ref: 00696550
                                                                                                    Strings
                                                                                                    • Failed to get 32-bit system folder., xrefs: 0069653F
                                                                                                    • variable.cpp, xrefs: 00696535, 00696574
                                                                                                    • Failed to set system folder variant value., xrefs: 006965BE
                                                                                                    • Failed to get 64-bit system folder., xrefs: 0069657E
                                                                                                    • Failed to backslash terminate system folder., xrefs: 006965A2
                                                                                                    Similarity
                                                                                                    • API ID: DirectoryErrorLastSystem$Wow64
                                                                                                    • String ID: Failed to backslash terminate system folder.$Failed to get 32-bit system folder.$Failed to get 64-bit system folder.$Failed to set system folder variant value.$variable.cpp
                                                                                                    • API String ID: 2634638900-1590374846
                                                                                                    • Opcode ID: 64a35840e129d8f3ad601ddcbeff5089da071e1cee29d943dc6ae7be6b0cfe89
                                                                                                    • Instruction ID: 582b6ff5e133b48f643b3845ed9d4fa8a048b494642e7b963aa7d5bdd570c768
                                                                                                    • Opcode Fuzzy Hash: 64a35840e129d8f3ad601ddcbeff5089da071e1cee29d943dc6ae7be6b0cfe89
                                                                                                    • Instruction Fuzzy Hash: C521E9B1E41335A6EF2067A5DC05BAB73DE9F00760F12416AFC09E7684EA648E4486E5
                                                                                                    APIs
                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,?,?,006DB4F0), ref: 006A4EDB
                                                                                                    • GetProcessId.KERNEL32(000000FF,?,?,open,00000000,00000000,?,000000FF,?,?), ref: 006A4F79
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 006A4F92
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Process$CloseCurrentHandle
                                                                                                    • String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(msi,DllGetVersion), ref: 00696746
                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 0069674D
                                                                                                    • GetLastError.KERNEL32 ref: 00696757
                                                                                                    Strings
                                                                                                    • Failed to get msi.dll version info., xrefs: 0069679F
                                                                                                    • variable.cpp, xrefs: 0069677B
                                                                                                    • Failed to set variant value., xrefs: 006967C3
                                                                                                    • Failed to find DllGetVersion entry point in msi.dll., xrefs: 00696785
                                                                                                    • msi, xrefs: 0069673D
                                                                                                    • DllGetVersion, xrefs: 00696738
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressErrorHandleLastModuleProc
                                                                                                    • String ID: DllGetVersion$Failed to find DllGetVersion entry point in msi.dll.$Failed to get msi.dll version info.$Failed to set variant value.$msi$variable.cpp
                                                                                                    APIs
                                                                                                    • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,0069111A,cabinet.dll,00000009,?,?,00000000), ref: 00691185
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,0069111A,cabinet.dll,00000009,?,?,00000000), ref: 00691190
                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0069119E
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,0069111A,cabinet.dll,00000009,?,?,00000000), ref: 006911B9
                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 006911C1
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,0069111A,cabinet.dll,00000009,?,?,00000000), ref: 006911D6
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressErrorLastProc$HandleHeapInformationModule
                                                                                                    • String ID: SetDefaultDllDirectories$SetDllDirectoryW$kernel32
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 006AF3FB
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 006AF576
                                                                                                    Strings
                                                                                                    • Failed to set download password., xrefs: 006AF524
                                                                                                    • UX requested unknown container with id: %ls, xrefs: 006AF4A0
                                                                                                    • Failed to set download URL., xrefs: 006AF4D5
                                                                                                    • UX did not provide container or payload id., xrefs: 006AF565
                                                                                                    • UX denied while trying to set download URL on embedded payload: %ls, xrefs: 006AF466
                                                                                                    • Failed to set download user., xrefs: 006AF4FE
                                                                                                    • UX requested unknown payload with id: %ls, xrefs: 006AF450
                                                                                                    • Engine is active, cannot change engine state., xrefs: 006AF415
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: Engine is active, cannot change engine state.$Failed to set download URL.$Failed to set download password.$Failed to set download user.$UX denied while trying to set download URL on embedded payload: %ls$UX did not provide container or payload id.$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,000000FF,00AAC56B,?,006952B5,00000000,=Si), ref: 006AAA90
                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,?,000000FF,00AAC56B,?,006952B5,00000000,=Si), ref: 006AAAD4
                                                                                                    Strings
                                                                                                    • Failed to get provider state from authenticode certificate., xrefs: 006AAABE
                                                                                                    • Failed authenticode verification of payload: %ls, xrefs: 006AAA71
                                                                                                    • cache.cpp, xrefs: 006AAA66, 006AAAB4, 006AAAF8
                                                                                                    • =Si, xrefs: 006AA9A8
                                                                                                    • Failed to get signer chain from authenticode certificate., xrefs: 006AAB02
                                                                                                    • Failed to verify expected payload against actual certificate chain., xrefs: 006AAB1A
                                                                                                    • qSiqSi, xrefs: 006AA9B1
                                                                                                    • =Si, xrefs: 006AA9AB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast
                                                                                                    • String ID: =Si$=Si$Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$cache.cpp$qSiqSi
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(000000FF,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,00000000,00000000,00000078,00000000,000000FF,?,00000000,00000000), ref: 006D5955
                                                                                                    • GetLastError.KERNEL32 ref: 006D5963
                                                                                                    • VirtualAlloc.KERNEL32(00000000,00010000,00003000,00000004), ref: 006D59A4
                                                                                                    • GetLastError.KERNEL32 ref: 006D59B1
                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 006D5B26
                                                                                                    • CloseHandle.KERNEL32(?), ref: 006D5B35
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastVirtual$AllocCloseCreateFileFreeHandle
                                                                                                    • String ID: GET$dlutil.cpp
                                                                                                    APIs
                                                                                                      • Part of subcall function 006A0E7E: CompareStringW.KERNEL32(00000000,00000000,feclient.dll,000000FF,00000000,000000FF,00000000,00000000,?,?,006A0ACD,?,00000000,?,00000000,00000000), ref: 006A0EAD
                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,00000000,?,00000000,00000001,?,?,00000000,?,00000000), ref: 006A0C51
                                                                                                    • GetLastError.KERNEL32 ref: 006A0C5E
                                                                                                    Strings
                                                                                                    • Failed to append payload cache action., xrefs: 006A0C08
                                                                                                    • Failed to append package start action., xrefs: 006A0AF3
                                                                                                    • Failed to append rollback cache action., xrefs: 006A0B2D
                                                                                                    • plan.cpp, xrefs: 006A0C82
                                                                                                    • Failed to create syncpoint event., xrefs: 006A0C8C
                                                                                                    • Failed to append cache action., xrefs: 006A0BA8
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CompareCreateErrorEventLastString
                                                                                                    • String ID: Failed to append cache action.$Failed to append package start action.$Failed to append payload cache action.$Failed to append rollback cache action.$Failed to create syncpoint event.$plan.cpp
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00699DDA
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00699DFF
                                                                                                    Strings
                                                                                                    • Failed to format component id string., xrefs: 00699DE5
                                                                                                    • Failed to set variable., xrefs: 00699EE3
                                                                                                    • Failed to format product code string., xrefs: 00699E0A
                                                                                                    • MsiComponentSearch failed: ID '%ls', HRESULT 0x%x, xrefs: 00699EF3
                                                                                                    • Failed to get component path: %d, xrefs: 00699E63
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Open@16
                                                                                                    • String ID: Failed to format component id string.$Failed to format product code string.$Failed to get component path: %d$Failed to set variable.$MsiComponentSearch failed: ID '%ls', HRESULT 0x%x
                                                                                                    • API String ID: 3613110473-1671347822
                                                                                                    • Opcode ID: e9061642fb7b5445283f1ecdef544303193b4523f45fc22589080f719441b24d
                                                                                                    • Instruction ID: 9fc67987456122ae309fb7dce5a005d0d3421f896c92154653cf578eb6a22b09
                                                                                                    • Opcode Fuzzy Hash: e9061642fb7b5445283f1ecdef544303193b4523f45fc22589080f719441b24d
                                                                                                    • Instruction Fuzzy Hash: D041D672900215BACF61EAAC8C42BFEB66FEF04310F244A1FF105E6B91E7319E509675
                                                                                                    APIs
                                                                                                    • CreateThread.KERNEL32(00000000,00000000,006AAB3C,?,00000000,00000000), ref: 006AD0B8
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 006AD0C4
                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,?,006AC59C,00000001,?,?,?,?,?,00000000,00000000,?,?,?), ref: 006AD145
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateErrorHandleLastThread
                                                                                                    • String ID: Failed to create elevated cache thread.$Failed to pump messages in child process.$LDi$^Si$elevation.cpp
                                                                                                    • API String ID: 747004058-93998641
                                                                                                    • Opcode ID: cb8f1c0e4118503c920f78578d86611a0d505ca9dc9f7f07fda60022af272559
                                                                                                    • Instruction ID: 35cb3054427c5d3e696dc06d99c8647447116e5b76f396c62c9e0b45b7c29692
                                                                                                    • Opcode Fuzzy Hash: cb8f1c0e4118503c920f78578d86611a0d505ca9dc9f7f07fda60022af272559
                                                                                                    • Instruction Fuzzy Hash: C341E4B5E01218AF9B40EFA9D8859EEBBF9EF49310F11412AF909E7340D7709D418FA4
                                                                                                    APIs
                                                                                                    • ReadFile.KERNEL32(00000000,?,00000008,?,00000000,?,00000000,00000000,?,00000000,@Gi,?,?,00000000,?,00000000), ref: 006A4765
                                                                                                    • GetLastError.KERNEL32 ref: 006A4772
                                                                                                    • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,00000000), ref: 006A481B
                                                                                                    • GetLastError.KERNEL32 ref: 006A4825
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastRead
                                                                                                    • String ID: Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$pipe.cpp
                                                                                                    • API String ID: 1948546556-3912962418
                                                                                                    • Opcode ID: 0a5145d2616ee4c0ed2778696f32da2bc1a99b866a72ceddafdadad239b7afc5
                                                                                                    • Instruction ID: 40dccfb51c50b6e35af2a565ed4bdb09bf8686b81be39230c761dd4132c319a7
                                                                                                    • Opcode Fuzzy Hash: 0a5145d2616ee4c0ed2778696f32da2bc1a99b866a72ceddafdadad239b7afc5
                                                                                                    • Instruction Fuzzy Hash: 2331F871E41365BBDB10AEA5DC45BAAF76BEF46711F11812AF800E6680DFB4DE008BD4
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0069F315
                                                                                                      • Part of subcall function 00694013: CreateDirectoryW.KERNELBASE(0069533D,006953B5,00000000,00000000,?,006A9EE4,00000000,00000000,0069533D,00000000,006952B5,00000000,?,=Si,0069D4AC,=Si), ref: 00694021
                                                                                                      • Part of subcall function 00694013: GetLastError.KERNEL32(?,006A9EE4,00000000,00000000,0069533D,00000000,006952B5,00000000,?,=Si,0069D4AC,=Si,00000000,00000000), ref: 0069402F
                                                                                                    • lstrlenA.KERNEL32(006DB4F0,00000000,00000094,00000000,00000094,?,?,006A0328,swidtag,00000094,?,006DB508,006A0328,00000000,?,00000000), ref: 0069F368
                                                                                                      • Part of subcall function 006D4C67: CreateFileW.KERNEL32(006DB4F0,40000000,00000001,00000000,00000002,00000080,00000000,006A0328,00000000,?,0069F37F,?,00000080,006DB4F0,00000000), ref: 006D4C7F
                                                                                                      • Part of subcall function 006D4C67: GetLastError.KERNEL32(?,0069F37F,?,00000080,006DB4F0,00000000,?,006A0328,?,00000094,?,?,?,?,?,00000000), ref: 006D4C8C
                                                                                                    Strings
                                                                                                    • Failed to format tag folder path., xrefs: 0069F3CE
                                                                                                    • Failed to write tag xml to file: %ls, xrefs: 0069F3A6
                                                                                                    • Failed to allocate regid folder path., xrefs: 0069F3C7
                                                                                                    • Failed to create regid folder: %ls, xrefs: 0069F3B0
                                                                                                    • swidtag, xrefs: 0069F328
                                                                                                    • Failed to allocate regid file path., xrefs: 0069F3C0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateErrorLast$DirectoryFileOpen@16lstrlen
                                                                                                    • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to format tag folder path.$Failed to write tag xml to file: %ls$swidtag
                                                                                                    • API String ID: 904508749-1201533908
                                                                                                    • Opcode ID: 3f770998d78f71fc9b0b77c554805724047aee2f40a65f73e4614be539ce0c1c
                                                                                                    • Instruction ID: 23abcd0bd8ed7f382af37c70e2cd513eb711b47f7a93f548ed42f0f946439f93
                                                                                                    • Opcode Fuzzy Hash: 3f770998d78f71fc9b0b77c554805724047aee2f40a65f73e4614be539ce0c1c
                                                                                                    • Instruction Fuzzy Hash: A1318D32D01229FFCF119FA5DC01B9DBBBAAF04710F12817AE901EA650D7759E50ABD4
                                                                                                    APIs
                                                                                                    • WaitForSingleObject.KERNEL32(?,0002BF20,?,F0000003,00000000,00000000,?,00000000,00000000,00000000,00695386,00000000,00000000,?,00000000), ref: 006A5292
                                                                                                    • GetLastError.KERNEL32(?,?,?,00694B5B,?,?,00000000,?,?,?,?,?,?,006DB490,?,?), ref: 006A529D
                                                                                                    Strings
                                                                                                    • Failed to write exit code to message buffer., xrefs: 006A520D
                                                                                                    • pipe.cpp, xrefs: 006A52C1
                                                                                                    • Failed to post terminate message to child process., xrefs: 006A527D
                                                                                                    • Failed to write restart to message buffer., xrefs: 006A5235
                                                                                                    • Failed to post terminate message to child process cache thread., xrefs: 006A5261
                                                                                                    • Failed to wait for child process exit., xrefs: 006A52CB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastObjectSingleWait
                                                                                                    • String ID: Failed to post terminate message to child process cache thread.$Failed to post terminate message to child process.$Failed to wait for child process exit.$Failed to write exit code to message buffer.$Failed to write restart to message buffer.$pipe.cpp
                                                                                                    • API String ID: 1211598281-2161881128
                                                                                                    • Opcode ID: 286dd0acef22890a23a918a58dd425c632571ad56c2a47a47a7f3845656ec2e9
                                                                                                    • Instruction ID: 6ba34f52afd8e3df7cbd90bacda867b1bc54cffbd2265a9b01223e53b433a52e
                                                                                                    • Opcode Fuzzy Hash: 286dd0acef22890a23a918a58dd425c632571ad56c2a47a47a7f3845656ec2e9
                                                                                                    • Instruction Fuzzy Hash: 2521E633D41B25FBDB12A7A59C05F9E77AAEF02320F110316F901B6290DB319E509BE4
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000101,?,006A9CFF,00000003,000007D0,00000003,?,000007D0), ref: 006A8EAC
                                                                                                    • GetLastError.KERNEL32(?,006A9CFF,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000000,-00000004), ref: 006A8EB9
                                                                                                    • CloseHandle.KERNEL32(00000000,?,006A9CFF,00000003,000007D0,00000003,?,000007D0,00000000,000007D0,00000000,00000003,00000000,00000003,000007D0,00000000), ref: 006A8F80
                                                                                                    Strings
                                                                                                    • Failed to verify signature of payload: %ls, xrefs: 006A8F28
                                                                                                    • cache.cpp, xrefs: 006A8EEF
                                                                                                    • Failed to verify catalog signature of payload: %ls, xrefs: 006A8F47
                                                                                                    • Failed to verify hash of payload: %ls, xrefs: 006A8F6B
                                                                                                    • Failed to open payload at path: %ls, xrefs: 006A8EFC
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateErrorFileHandleLast
                                                                                                    • String ID: Failed to open payload at path: %ls$Failed to verify catalog signature of payload: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$cache.cpp
                                                                                                    • API String ID: 2528220319-2757871984
                                                                                                    • Opcode ID: c500730e5728458a7b9e39840f24ba3b60129fc462da856bb90d00faa00ff87d
                                                                                                    • Instruction ID: e8e81c65effce2e40746d979f256c3fe2fe4b8c5b3430125e4791534fce2fd19
                                                                                                    • Opcode Fuzzy Hash: c500730e5728458a7b9e39840f24ba3b60129fc462da856bb90d00faa00ff87d
                                                                                                    • Instruction Fuzzy Hash: CA212731A01622BED7223A658C49B9B7B1BBF027A0F150215FD1067290DB359C60DED5
                                                                                                    APIs
                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00696A03
                                                                                                    • GetLastError.KERNEL32 ref: 00696A0D
                                                                                                    • GetVolumePathNameW.KERNEL32(?,?,00000104), ref: 00696A51
                                                                                                    • GetLastError.KERNEL32 ref: 00696A5B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$DirectoryNamePathVolumeWindows
                                                                                                    • String ID: Failed to get volume path name.$Failed to get windows directory.$Failed to set variant value.$variable.cpp
                                                                                                    • API String ID: 124030351-4026719079
                                                                                                    • Opcode ID: a8a0c835a7286fa9fa494f75bb71be89f6288f067437d4bbfb1e8141e0803e39
                                                                                                    • Instruction ID: 9b73394e4effa194ea2bb4895fa667ea7f46e5245bec49ab0e0745c150210c4f
                                                                                                    • Opcode Fuzzy Hash: a8a0c835a7286fa9fa494f75bb71be89f6288f067437d4bbfb1e8141e0803e39
                                                                                                    • Instruction Fuzzy Hash: BF21CCB2E41328AAEB20A7659C45FDB73DE9B40710F01416BBD05F7241E6349D4186A9
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00699B5A
                                                                                                    • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 00699B72
                                                                                                    • GetLastError.KERNEL32 ref: 00699B81
                                                                                                    Strings
                                                                                                    • File search: %ls, did not find path: %ls, xrefs: 00699BD5
                                                                                                    • Failed to set variable., xrefs: 00699C07
                                                                                                    • search.cpp, xrefs: 00699BB3
                                                                                                    • Failed to format variable string., xrefs: 00699B65
                                                                                                    • Failed get to file attributes. '%ls', xrefs: 00699BC0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesErrorFileLastOpen@16
                                                                                                    • String ID: Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$search.cpp
                                                                                                    • API String ID: 1811509786-2053429945
                                                                                                    • Opcode ID: c0f0e1c10581f3b9ad375787b644bd0b0b20a7334d5cdd3522a86cdebe4e6b5b
                                                                                                    • Instruction ID: cf9317b0e2660d50d1eb0cf98b6114dd371fde5f65083397c6f10e6ab37ce6eb
                                                                                                    • Opcode Fuzzy Hash: c0f0e1c10581f3b9ad375787b644bd0b0b20a7334d5cdd3522a86cdebe4e6b5b
                                                                                                    • Instruction Fuzzy Hash: 92213832E40214BBDF117AA89D02BAEB76FEF05310F10422BF900E6690E7719E50D6F5
                                                                                                    APIs
                                                                                                    • TlsSetValue.KERNEL32(?,?), ref: 006AAB53
                                                                                                    • GetLastError.KERNEL32 ref: 006AAB5D
                                                                                                    • CoInitializeEx.OLE32(00000000,00000000), ref: 006AAB9C
                                                                                                    • CoUninitialize.OLE32(?,006AC4F4,?,?), ref: 006AABD9
                                                                                                    Strings
                                                                                                    • Failed to initialize COM., xrefs: 006AABA8
                                                                                                    • Failed to pump messages in child process., xrefs: 006AABC7
                                                                                                    • elevation.cpp, xrefs: 006AAB81
                                                                                                    • Failed to set elevated cache pipe into thread local storage for logging., xrefs: 006AAB8B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorInitializeLastUninitializeValue
                                                                                                    • String ID: Failed to initialize COM.$Failed to pump messages in child process.$Failed to set elevated cache pipe into thread local storage for logging.$elevation.cpp
                                                                                                    • API String ID: 876858697-113251691
                                                                                                    • Opcode ID: 38954cb48101655f518a9f0b60efacb1c2ea570c3b168430b1919841b4379337
                                                                                                    • Instruction ID: 27b2c112b4bf6a1522fdddb3ae43d3a751cbafe8044ea2aa53cb1a16e83fb87a
                                                                                                    • Opcode Fuzzy Hash: 38954cb48101655f518a9f0b60efacb1c2ea570c3b168430b1919841b4379337
                                                                                                    • Instruction Fuzzy Hash: 9B11E732D02731BF971127A99C0599BBB9BDF06760B02511BFC04B7250EB605C00DAE5
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 00695C77
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen
                                                                                                    • String ID: +$CommonFilesDir$Failed to ensure path was backslash terminated.$Failed to open Windows folder key.$Failed to read folder path for '%ls'.$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion
                                                                                                    • API String ID: 47109696-3209209246
                                                                                                    • Opcode ID: 9fea25caa2708bd2d43c7a223079ed0b753c6632b687b4feec12676db5a48635
                                                                                                    • Instruction ID: 91c3c5d7fd0e71ae490187b8a048ca905b5a2d4f76248780cb6590c5ab45f2c7
                                                                                                    • Opcode Fuzzy Hash: 9fea25caa2708bd2d43c7a223079ed0b753c6632b687b4feec12676db5a48635
                                                                                                    • Instruction Fuzzy Hash: B201C032E41628F7CF226A55DD02E9EBA6FDB00720F16416FF800A6310D6708E009294
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                    • String ID: &.l$&.l$&.l
                                                                                                    • API String ID: 1036877536-46861775
                                                                                                    • Opcode ID: f3a74c95afe91129e83f4a200ae329e72b68e1b987d16e4549aa364eb4fd1ab8
                                                                                                    • Instruction ID: 0780f55d177b76791c54df6c2acb7f7342d65c567693ff971afc84a6613f5159
                                                                                                    • Opcode Fuzzy Hash: f3a74c95afe91129e83f4a200ae329e72b68e1b987d16e4549aa364eb4fd1ab8
                                                                                                    • Instruction Fuzzy Hash: C8A13372A007869FDB258F28C881FBEBBE6EF55350F1841AEF5859B381C2349D42C758
                                                                                                    APIs
                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,00000000,?,?,?,00000001,00000000,?), ref: 006BA0F1
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 006BA0FB
                                                                                                    Strings
                                                                                                    • Failed to clear readonly bit on payload destination path: %ls, xrefs: 006BA12A
                                                                                                    • Failed attempt to download URL: '%ls' to: '%ls', xrefs: 006BA1D8
                                                                                                    • :, xrefs: 006BA174
                                                                                                    • apply.cpp, xrefs: 006BA11F
                                                                                                    • download, xrefs: 006BA0BB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesErrorFileLast
                                                                                                    • String ID: :$Failed attempt to download URL: '%ls' to: '%ls'$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$download
                                                                                                    • API String ID: 1799206407-1905830404
                                                                                                    • Opcode ID: e8c7cf327b244bac03143290547d36546ba37281f9357ae1cdf3ad5ad430d8e7
                                                                                                    • Instruction ID: 189b3f169a4687f89271550afea25cab7a95810571bea8e9b304faa57de971f8
                                                                                                    • Opcode Fuzzy Hash: e8c7cf327b244bac03143290547d36546ba37281f9357ae1cdf3ad5ad430d8e7
                                                                                                    • Instruction Fuzzy Hash: 665181B1A00215AFDB51EFA9C841AEEB7B6EF04710F10805AE915EB251E771DE81CB91
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,7591DFD0,000000FF,type,000000FF,?,7591DFD0,7591DFD0,7591DFD0), ref: 006D6DFE
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D6E49
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D6EC5
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D6F11
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String$Free$Compare
                                                                                                    • String ID: type$url
                                                                                                    • API String ID: 1324494773-1247773906
                                                                                                    • Opcode ID: 67ebba0fb18ad22e49a5bc4822ae43c374040910a0e467b96d0a846853121c20
                                                                                                    • Instruction ID: 9dd32f15c5484bbd99ef8738faa51e20b2af309a19166ebb55d3780808f0e151
                                                                                                    • Opcode Fuzzy Hash: 67ebba0fb18ad22e49a5bc4822ae43c374040910a0e467b96d0a846853121c20
                                                                                                    • Instruction Fuzzy Hash: 22513975D01219EBCB15DBA4C844EEEBBBAAF04711F1142AAF911EB3A0D7319E04DB90
                                                                                                    APIs
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000010,00000001,00000000,00000000,00000000,?,?,006B8E1F,000002C0,00000100), ref: 006D83AD
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF,?,?,006B8E1F,000002C0,00000100,000002C0,000002C0,00000100,000002C0,00000410), ref: 006D83C8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CompareHeapString$AllocateProcess
                                                                                                    • String ID: application$apuputil.cpp$http://appsyndication.org/2006/appsyn$type
                                                                                                    • API String ID: 2664528157-4206478990
                                                                                                    • Opcode ID: e01e46546e12ac0acc36d4eecdf28aafcf762b465e4ee849fab494322b722923
                                                                                                    • Instruction ID: c3f831dddc3c3a803cb4d9a6be7afc7a375e440f21b8e6c583b6b7184348e6be
                                                                                                    • Opcode Fuzzy Hash: e01e46546e12ac0acc36d4eecdf28aafcf762b465e4ee849fab494322b722923
                                                                                                    • Instruction Fuzzy Hash: B651A131E44206AFDBA19F54CC86F6A77A7AB04760F21821AFA65DB3D1DB70ED408B50
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32 ref: 006D63B7
                                                                                                    • DeleteFileW.KERNEL32(00000000,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 006D64AE
                                                                                                    • CloseHandle.KERNEL32(000000FF,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 006D64BD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseDeleteErrorFileHandleLast
                                                                                                    • String ID: Burn$DownloadTimeout$WiX\Burn$dlutil.cpp
                                                                                                    • API String ID: 3522763407-1704223933
                                                                                                    • Opcode ID: 8f5fd118f2f20e65ae27b19abec34001fa17bcf8d061064b445d1a33d4c505de
                                                                                                    • Instruction ID: 968e1d0fb9ac8c64a1353362bc382a3220b7f7b7e50c225b2dc3d990dd30060d
                                                                                                    • Opcode Fuzzy Hash: 8f5fd118f2f20e65ae27b19abec34001fa17bcf8d061064b445d1a33d4c505de
                                                                                                    • Instruction Fuzzy Hash: F3513C72D00219BBDF12DFA4CC41EEEBBBAEF08710F018156FA15E6250E7358A55DBA0
                                                                                                    APIs
                                                                                                    • _memcmp.LIBVCRUNTIME ref: 006A910E
                                                                                                      • Part of subcall function 006D5587: GetLastError.KERNEL32(?,?,006A9133,?,00000003,00000000,?), ref: 006D55A6
                                                                                                    • _memcmp.LIBVCRUNTIME ref: 006A9148
                                                                                                    • GetLastError.KERNEL32 ref: 006A91C2
                                                                                                    Strings
                                                                                                    • cache.cpp, xrefs: 006A91E6
                                                                                                    • Failed to get certificate public key identifier., xrefs: 006A91F0
                                                                                                    • Failed to read certificate thumbprint., xrefs: 006A91B6
                                                                                                    • Failed to find expected public key in certificate chain., xrefs: 006A9183
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast_memcmp
                                                                                                    • String ID: Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$cache.cpp
                                                                                                    • API String ID: 3428363238-3408201827
                                                                                                    • Opcode ID: c59e8d7d45ee41b8509b60c1efc79a39ece9156a3a8408af51086805bae13b53
                                                                                                    • Instruction ID: 7c65974c392783fce20e35bfd836e5e252698008c7a8e97f9ae1242deca2949c
                                                                                                    • Opcode Fuzzy Hash: c59e8d7d45ee41b8509b60c1efc79a39ece9156a3a8408af51086805bae13b53
                                                                                                    • Instruction Fuzzy Hash: 6D415DB1E00216AFDB10EFA9C845AAAB7FAAF09750F114129F905E7351D674ED01CFB4
                                                                                                    APIs
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,?,00000000,?), ref: 006A054A
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,?,00000000,?), ref: 006A0559
                                                                                                      • Part of subcall function 006D0AD5: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,006A0491,?,00000000,00020006), ref: 006D0AFA
                                                                                                    Strings
                                                                                                    • Failed to write volatile reboot required registry key., xrefs: 006A0495
                                                                                                    • Failed to update resume mode., xrefs: 006A052E
                                                                                                    • Failed to open registration key., xrefs: 006A0591
                                                                                                    • Failed to delete registration key: %ls, xrefs: 006A04F8
                                                                                                    • %ls.RebootRequired, xrefs: 006A0467
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Close$Create
                                                                                                    • String ID: %ls.RebootRequired$Failed to delete registration key: %ls$Failed to open registration key.$Failed to update resume mode.$Failed to write volatile reboot required registry key.
                                                                                                    APIs
                                                                                                    • lstrlenW.KERNEL32(?,00000000,00000000,BundleUpgradeCode,?,00020006,00000000,?,?,?,00000001), ref: 006D1479
                                                                                                    • lstrlenW.KERNEL32(?,00000000,00000000,?,00000000,00000001,00000000,00000000,BundleUpgradeCode,?,00020006,00000000,?,?,?,00000001), ref: 006D14F1
                                                                                                    • lstrlenW.KERNEL32(?,?,?,?,00000001), ref: 006D14FD
                                                                                                    • RegSetValueExW.ADVAPI32(00020006,?,00000000,00000007,00000000,?,00000000,?,?,00000000,00000001,00000000,00000000,BundleUpgradeCode,?,00020006), ref: 006D153D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: lstrlen$Value
                                                                                                    • String ID: @do$BundleUpgradeCode$regutil.cpp
                                                                                                    APIs
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0069F7CD
                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 0069F7DA
                                                                                                    Strings
                                                                                                    • Resume, xrefs: 0069F741
                                                                                                    • Failed to open registration key., xrefs: 0069F736
                                                                                                    • Failed to format pending restart registry key to read., xrefs: 0069F6D1
                                                                                                    • %ls.RebootRequired, xrefs: 0069F6BA
                                                                                                    • Failed to read Resume value., xrefs: 0069F763
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Close
                                                                                                    • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Failed to determine length of relative path.$Failed to determine length of source path.$Failed to set last source.$Failed to trim source folder.$WixBundleLastUsedSource
                                                                                                    APIs
                                                                                                    • CoCreateInstance.OLE32(006F0A84,00000000,00000017,006F0A94,?,?,00000000,00000000,?,?,?,?,?,006BDCAE,00000000,00000000), ref: 006BD6AF
                                                                                                    Strings
                                                                                                    • Failed to set notification flags for BITS job., xrefs: 006BD701
                                                                                                    • Failed to set BITS job to foreground., xrefs: 006BD730
                                                                                                    • Failed to create BITS job., xrefs: 006BD6E9
                                                                                                    • WixBurn, xrefs: 006BD6DA
                                                                                                    • Failed to set progress timeout., xrefs: 006BD719
                                                                                                    • Failed to create IBackgroundCopyManager., xrefs: 006BD6BB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateInstance
                                                                                                    • String ID: Failed to create BITS job.$Failed to create IBackgroundCopyManager.$Failed to set BITS job to foreground.$Failed to set notification flags for BITS job.$Failed to set progress timeout.$WixBurn
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,?,?,?,?,WiX\Burn,DownloadTimeout,00000078), ref: 006D5CB2
                                                                                                    • GetLastError.KERNEL32 ref: 006D5CBF
                                                                                                    • ReadFile.KERNEL32(00000000,00000008,00000008,?,00000000), ref: 006D5D06
                                                                                                    • CloseHandle.KERNEL32(00000000,dlutil.cpp,000000C8,00000000), ref: 006D5D6E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$CloseCreateErrorHandleLastRead
                                                                                                    • String ID: %ls.R$dlutil.cpp
                                                                                                    APIs
                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,759230B0,00000000,?,?,?,?,006BD439,?), ref: 006BD145
                                                                                                    • ReleaseMutex.KERNEL32(?,?,?,?,006BD439,?), ref: 006BD161
                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 006BD1A4
                                                                                                    • ReleaseMutex.KERNEL32(?), ref: 006BD1BB
                                                                                                    • SetEvent.KERNEL32(?), ref: 006BD1C4
                                                                                                    Strings
                                                                                                    • Failed to send files in use message from netfx chainer., xrefs: 006BD20A
                                                                                                    • Failed to get message from netfx chainer., xrefs: 006BD1E5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MutexObjectReleaseSingleWait$Event
                                                                                                    • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.
                                                                                                    APIs
                                                                                                    • CreateProcessW.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 006D089A
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 006D08A4
                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,00000000,00000000,00000000), ref: 006D08ED
                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 006D08FA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle$CreateErrorLastProcess
                                                                                                    • String ID: "%ls" %ls$D$procutil.cpp
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00699A86
                                                                                                    • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,00000000,?,0069A7A9,00000100,000002C0,000002C0,00000100), ref: 00699AA6
                                                                                                    • GetLastError.KERNEL32(?,0069A7A9,00000100,000002C0,000002C0,00000100), ref: 00699AB1
                                                                                                    Strings
                                                                                                    • Failed to format variable string., xrefs: 00699A91
                                                                                                    • Failed while searching directory search: %ls, for path: %ls, xrefs: 00699B06
                                                                                                    • Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 00699B1C
                                                                                                    • Failed to set directory search path variable., xrefs: 00699AE1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesErrorFileLastOpen@16
                                                                                                    • String ID: Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                    • API String ID: 1811509786-2966038646
                                                                                                    • Opcode ID: 723965a3335cd97572d015dcfabe1fa42f968e2c2cda39bfbbf2188eba455fe2
                                                                                                    • Instruction ID: 8fbe0b9eda0eaec3f235c71cef04b0fc891af285f15ff8f8f41417507d59c9e7
                                                                                                    • Opcode Fuzzy Hash: 723965a3335cd97572d015dcfabe1fa42f968e2c2cda39bfbbf2188eba455fe2
                                                                                                    • Instruction Fuzzy Hash: FC11C632D41125FBDF2266989D02F9EBA6FEF15320F21011AFC007A660D7369D10A6E5
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00699C52
                                                                                                    • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,?,0069A781,00000100,000002C0,000002C0,?,000002C0,00000100), ref: 00699C72
                                                                                                    • GetLastError.KERNEL32(?,0069A781,00000100,000002C0,000002C0,?,000002C0,00000100,000002C0,000002C0,00000100), ref: 00699C7D
                                                                                                    Strings
                                                                                                    • Failed to set variable to file search path., xrefs: 00699CD4
                                                                                                    • File search: %ls, did not find path: %ls, xrefs: 00699CE0
                                                                                                    • Failed while searching file search: %ls, for path: %ls, xrefs: 00699CAA
                                                                                                    • Failed to format variable string., xrefs: 00699C5D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesErrorFileLastOpen@16
                                                                                                    • String ID: Failed to format variable string.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls
                                                                                                    • API String ID: 1811509786-3425311760
                                                                                                    • Opcode ID: b13f2d8026209ff9f95d0e9732322794c43535ea01046924397633c55134346a
                                                                                                    • Instruction ID: 962d85683ecac797e445c7883ce5e4ef0f918922e687725e2dde3e3b472621b0
                                                                                                    • Opcode Fuzzy Hash: b13f2d8026209ff9f95d0e9732322794c43535ea01046924397633c55134346a
                                                                                                    • Instruction Fuzzy Hash: BE11D532D40125FBDF1236988E42B9DBAAFAF01720F21411AFC10BA660D7229D50B7E5
                                                                                                    APIs
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • _memcpy_s.LIBCMT ref: 006A449E
                                                                                                    • _memcpy_s.LIBCMT ref: 006A44B1
                                                                                                    • _memcpy_s.LIBCMT ref: 006A44CC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _memcpy_s$Heap$AllocateProcess
                                                                                                    • String ID: @Gi$Failed to allocate memory for message.$feclient.dll$pipe.cpp
                                                                                                    • API String ID: 886498622-3050754097
                                                                                                    • Opcode ID: 28ba1747a5fa868ef081bb0d97054753671b82fe6ad30f981825e84a45393c3b
                                                                                                    • Instruction ID: 66b6de6e4264d02cbc71219f46323f45f4a51f6a3871ae8d4551cc2c3d509cfd
                                                                                                    • Opcode Fuzzy Hash: 28ba1747a5fa868ef081bb0d97054753671b82fe6ad30f981825e84a45393c3b
                                                                                                    • Instruction Fuzzy Hash: 651142B250131DABDB01AE91CC86DDBB3AEEF45710B00452ABA119B241EBB0DA508BE4
                                                                                                    APIs
                                                                                                    • WaitForSingleObject.KERNEL32(00000001,000493E0,00000000,?,?,006AD134,00000000,?,?,006AC59C,00000001,?,?,?,?,?), ref: 006ACD06
                                                                                                    • GetLastError.KERNEL32(?,?,006AD134,00000000,?,?,006AC59C,00000001,?,?,?,?,?,00000000,00000000,?), ref: 006ACD10
                                                                                                    • GetExitCodeThread.KERNEL32(00000001,?,?,?,006AD134,00000000,?,?,006AC59C,00000001,?,?,?,?,?,00000000), ref: 006ACD4C
                                                                                                    • GetLastError.KERNEL32(?,?,006AD134,00000000,?,?,006AC59C,00000001,?,?,?,?,?,00000000,00000000,?), ref: 006ACD56
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                    • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$elevation.cpp
                                                                                                    • API String ID: 3686190907-1954264426
                                                                                                    • Opcode ID: f1b897eab50b4d7b499cc071941988d9d489b7f5a69b3ca808125a214fc8b559
                                                                                                    • Instruction ID: 689f70074ba7bbaaaac58189592f0f6c606c23b9960f3159d5c13034d15fae83
                                                                                                    • Opcode Fuzzy Hash: f1b897eab50b4d7b499cc071941988d9d489b7f5a69b3ca808125a214fc8b559
                                                                                                    • Instruction Fuzzy Hash: 98012D72F41334ABEB207BBA5D05BAB7ADADF05790F03112BFD05E6550E7508E0085E9
                                                                                                    APIs
                                                                                                    • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,006A6CFB,@Gi,?,00000000,?,00000000,00000001), ref: 006A67BD
                                                                                                    • GetLastError.KERNEL32(?,006A6CFB,@Gi,?,00000000,?,00000000,00000001), ref: 006A67C7
                                                                                                    • GetExitCodeThread.KERNEL32(00000001,00000000,?,006A6CFB,@Gi,?,00000000,?,00000000,00000001), ref: 006A6806
                                                                                                    • GetLastError.KERNEL32(?,006A6CFB,@Gi,?,00000000,?,00000000,00000001), ref: 006A6810
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                    • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
                                                                                                    • API String ID: 3686190907-2546940223
                                                                                                    • Opcode ID: b0c9b547acac4d85d81ea90f402afcfaf833e57ed21d3414418b04089d1f73d4
                                                                                                    • Instruction ID: fd0c691285754b339415dc932d5bc0f4691e8c6f898091b63a327a78e2643c32
                                                                                                    • Opcode Fuzzy Hash: b0c9b547acac4d85d81ea90f402afcfaf833e57ed21d3414418b04089d1f73d4
                                                                                                    • Instruction Fuzzy Hash: 49015E71641304FBEB08ABB5DD16B7E76EAEB00710F11512EB916D51A0EB758E009A28
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 006AF59B
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 006AF6A8
                                                                                                    Strings
                                                                                                    • UX requested unknown container with id: %ls, xrefs: 006AF667
                                                                                                    • UX denied while trying to set source on embedded payload: %ls, xrefs: 006AF61D
                                                                                                    • UX requested unknown payload with id: %ls, xrefs: 006AF607
                                                                                                    • Failed to set source path for payload., xrefs: 006AF637
                                                                                                    • Failed to set source path for container., xrefs: 006AF68D
                                                                                                    • Engine is active, cannot change engine state., xrefs: 006AF5B5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: Engine is active, cannot change engine state.$Failed to set source path for container.$Failed to set source path for payload.$UX denied while trying to set source on embedded payload: %ls$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
                                                                                                    • API String ID: 3168844106-4121889706
                                                                                                    • Opcode ID: c782a0e487b9b6c0b8c51164c622385b16a5e14741846f3969f9dc33dbad6912
                                                                                                    • Instruction ID: e048a844a0229d116ea7f3503b431a5aaa49314f29372893b2d6570b953a06a9
                                                                                                    • Opcode Fuzzy Hash: c782a0e487b9b6c0b8c51164c622385b16a5e14741846f3969f9dc33dbad6912
                                                                                                    • Instruction Fuzzy Hash: 26312D72941211BBCB21AFD5CC46D9AB3FEDF56720B15512AF804E7350DB74ED008B96
                                                                                                    APIs
                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 006970E7
                                                                                                    Strings
                                                                                                    • [\%c], xrefs: 00697146
                                                                                                    • Failed to format escape sequence., xrefs: 00697181
                                                                                                    • Failed to append escape sequence., xrefs: 0069717A
                                                                                                    • []{}, xrefs: 00697111
                                                                                                    • Failed to append characters., xrefs: 00697173
                                                                                                    • Failed to allocate buffer for escaped string., xrefs: 006970FE
                                                                                                    • Failed to copy string., xrefs: 0069719B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: lstrlen
                                                                                                    • String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}
                                                                                                    • API String ID: 1659193697-3250950999
                                                                                                    • Opcode ID: 5e7f624b057c2da15394b08068e5d34c796059407096026192a6b7079990f87f
                                                                                                    • Instruction ID: cf376d9e3f9f1550ea7805f8fb625634ab46f40bd766ba6c064d73ae9e23dfd1
                                                                                                    • Opcode Fuzzy Hash: 5e7f624b057c2da15394b08068e5d34c796059407096026192a6b7079990f87f
                                                                                                    • Instruction Fuzzy Hash: 0321F833D5822ABBDF259694DC02BEE77AF9F00730F25015BF900B6650DB74AE459298
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(00000000,00000000,006DB4F0,000000FF,feclient.dll,000000FF,00000000,00000000,?,?,?,006B659B,?,00000001,?,006DB490), ref: 006B5A19
                                                                                                    Strings
                                                                                                    • Failed to copy target product code., xrefs: 006B5B4C
                                                                                                    • feclient.dll, xrefs: 006B5A0F, 006B5B39
                                                                                                    • Failed grow array of ordered patches., xrefs: 006B5AB2
                                                                                                    • Failed to insert execute action., xrefs: 006B5A6E
                                                                                                    • Failed to plan action for target product., xrefs: 006B5AC4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CompareString
                                                                                                    • String ID: Failed grow array of ordered patches.$Failed to copy target product code.$Failed to insert execute action.$Failed to plan action for target product.$feclient.dll
                                                                                                    • API String ID: 1825529933-3477540455
                                                                                                    • Opcode ID: 93903691fd3b306832056ac399bbf247d4558e19b28967ac46dabab5dfc22d23
                                                                                                    • Instruction ID: 4f43b7e39882a7166291a85070f6bf774a9f3ecaec68aa2fa3ab19fa6171a182
                                                                                                    • Opcode Fuzzy Hash: 93903691fd3b306832056ac399bbf247d4558e19b28967ac46dabab5dfc22d23
                                                                                                    • Instruction Fuzzy Hash: 7E8112B560075A9FCB14DF58C880AEA77A6FF08324F15866AEC169B352D730EC91CF90
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,00000100,00000000,?,?,?,006A6F20,000000B8,0000001C,00000100), ref: 006B9068
                                                                                                    • CompareStringW.KERNEL32(00000000,00000001,?,000000FF,006DB4A8,000000FF,?,?,?,006A6F20,000000B8,0000001C,00000100,00000100,00000100,000000B0), ref: 006B9101
                                                                                                    Strings
                                                                                                    • detect.cpp, xrefs: 006B9163
                                                                                                    • comres.dll, xrefs: 006B9187
                                                                                                    • Failed to initialize update bundle., xrefs: 006B91A9
                                                                                                    • BA aborted detect forward compatible bundle., xrefs: 006B916D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Similarity
                                                                                                    • API ID: CompareString
                                                                                                    • String ID: BA aborted detect forward compatible bundle.$Failed to initialize update bundle.$comres.dll$detect.cpp
                                                                                                    • API String ID: 1825529933-439563586
                                                                                                    APIs
                                                                                                    • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,006CD132,?,00000000,?,00000000,00000000), ref: 006CC9FF
                                                                                                    • __fassign.LIBCMT ref: 006CCA7A
                                                                                                    • __fassign.LIBCMT ref: 006CCA95
                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 006CCABB
                                                                                                    • WriteFile.KERNEL32(?,?,00000000,006CD132,00000000,?,?,?,?,?,?,?,?,?,006CD132,?), ref: 006CCADA
                                                                                                    • WriteFile.KERNEL32(?,?,00000001,006CD132,00000000,?,?,?,?,?,?,?,?,?,006CD132,?), ref: 006CCB13
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                    • String ID:
                                                                                                    • API String ID: 1324828854-0
                                                                                                    APIs
                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000001,006DB4F0,?,00000001,000000FF,?,?,75A8B390,00000000,00000001,00000000,?,006A72F3), ref: 006AD32F
                                                                                                    Strings
                                                                                                    • Failed to elevate., xrefs: 006AD311
                                                                                                    • Failed to create pipe name and client token., xrefs: 006AD270
                                                                                                    • Failed to create pipe and cache pipe., xrefs: 006AD28C
                                                                                                    • UX aborted elevation requirement., xrefs: 006AD244
                                                                                                    • elevation.cpp, xrefs: 006AD23A
                                                                                                    • Failed to connect to elevated child process., xrefs: 006AD318
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle
                                                                                                    • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
                                                                                                    • API String ID: 2962429428-3003415917
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(006FB60C,00000000,?,?,?,00695407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 006D042B
                                                                                                    • CreateFileW.KERNEL32(40000000,00000001,00000000,00000002,00000080,00000000,?,00000000,?,?,?,006FB604,?,00695407,00000000,Setup), ref: 006D04CC
                                                                                                    • GetLastError.KERNEL32(?,00695407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 006D04DC
                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,00695407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 006D0515
                                                                                                      • Part of subcall function 00692DE0: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00692F1F
                                                                                                    • LeaveCriticalSection.KERNEL32(006FB60C,?,?,006FB604,?,00695407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 006D056E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                                                    • String ID: logutil.cpp
                                                                                                    • API String ID: 4111229724-3545173039
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 006B37B7
                                                                                                    Strings
                                                                                                    • Failed to escape string., xrefs: 006B3839
                                                                                                    • Failed to append property string part., xrefs: 006B382B
                                                                                                    • Failed to format property string part., xrefs: 006B3832
                                                                                                    • Failed to format property value., xrefs: 006B3840
                                                                                                    • %s%="%s", xrefs: 006B37EA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Open@16
                                                                                                    • String ID: %s%="%s"$Failed to append property string part.$Failed to escape string.$Failed to format property string part.$Failed to format property value.
                                                                                                    • API String ID: 3613110473-515423128
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,0069583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 00697215
                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,00000000,00000002,00000000,?,?,?,0069583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 006972F4
                                                                                                    Strings
                                                                                                    • Failed to get variable: %ls, xrefs: 00697256
                                                                                                    • *****, xrefs: 006972B0, 006972BD
                                                                                                    • Failed to format value '%ls' of variable: %ls, xrefs: 006972BE
                                                                                                    • Failed to get unformatted string., xrefs: 00697285
                                                                                                    • Failed to get value as string for variable: %ls, xrefs: 006972E3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                                                                    • API String ID: 3168844106-2873099529
                                                                                                    APIs
                                                                                                    • InitializeAcl.ADVAPI32(?,00000008,00000002,0000001A,00000000,?,00000000,00000000,?,?,00000000,00000000,?,?,-00000004,00000000), ref: 006A8C30
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000001), ref: 006A8C3A
                                                                                                    • SetFileAttributesW.KERNEL32(?,00000080,?,00000001,20000004,00000000,00000000,?,00000000,00000003,000007D0,?,00000000,00000000,?,?), ref: 006A8C9A
                                                                                                    Strings
                                                                                                    • Failed to initialize ACL., xrefs: 006A8C68
                                                                                                    • cache.cpp, xrefs: 006A8C5E
                                                                                                    • Failed to allocate administrator SID., xrefs: 006A8C16
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AttributesErrorFileInitializeLast
                                                                                                    • String ID: Failed to allocate administrator SID.$Failed to initialize ACL.$cache.cpp
                                                                                                    • API String ID: 669721577-1117388985
                                                                                                    APIs
                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,00000000,crypt32.dll,?,?,006A3ED4,00000001,feclient.dll,?,00000000,?,?,?,00694A0C), ref: 00694148
                                                                                                    • GetLastError.KERNEL32(?,?,006A3ED4,00000001,feclient.dll,?,00000000,?,?,?,00694A0C,?,?,006DB478,?,00000001), ref: 00694154
                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,?,?,00000000,?,?,006A3ED4,00000001,feclient.dll,?,00000000,?,?,?,00694A0C,?), ref: 0069418F
                                                                                                    • GetLastError.KERNEL32(?,?,006A3ED4,00000001,feclient.dll,?,00000000,?,?,?,00694A0C,?,?,006DB478,?,00000001), ref: 00694199
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CurrentDirectoryErrorLast
                                                                                                    • String ID: crypt32.dll$dirutil.cpp
                                                                                                    • API String ID: 152501406-1104880720
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 006999B6
                                                                                                    • GetFileAttributesW.KERNEL32(00000000,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 006999CE
                                                                                                    • GetLastError.KERNEL32 ref: 006999D9
                                                                                                    Strings
                                                                                                    • Failed to set variable., xrefs: 00699A4E
                                                                                                    • Failed to format variable string., xrefs: 006999C1
                                                                                                    • Failed while searching directory search: %ls, for path: %ls, xrefs: 00699A16
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesErrorFileLastOpen@16
                                                                                                    • String ID: Failed to format variable string.$Failed to set variable.$Failed while searching directory search: %ls, for path: %ls
                                                                                                    • API String ID: 1811509786-402580132
                                                                                                    • Opcode ID: 812d74d2f97ba6aa27cb28bb7bfddf44199aea1918ecf34db0e8dec874eb904a
                                                                                                    • Instruction ID: 3318763a9d80c670172c521c5546187ab4b855d635f5dd88ed617d8f8b861aca
                                                                                                    • Opcode Fuzzy Hash: 812d74d2f97ba6aa27cb28bb7bfddf44199aea1918ecf34db0e8dec874eb904a
                                                                                                    • Instruction Fuzzy Hash: 9121F932E40225FBDF11AAA8CC02BADB76FEF15320F25831EF810B6650D7315E5096E5
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • Failed to write during cabinet extraction., xrefs: 006B0997
                                                                                                    • cabextract.cpp, xrefs: 006B098D
                                                                                                    • Unexpected call to CabWrite()., xrefs: 006B0923
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastWrite_memcpy_s
                                                                                                    • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                                                    • API String ID: 1970631241-3111339858
                                                                                                    • Opcode ID: 46412803278c57d0c9dc5f2cb7099de0d38e6454c6be86edab891c5dac03b9c0
                                                                                                    • Instruction ID: 15d7e5ff27811279fe10cacd3662cee12d607abcb4abc7619403163d176a59f8
                                                                                                    • Opcode Fuzzy Hash: 46412803278c57d0c9dc5f2cb7099de0d38e6454c6be86edab891c5dac03b9c0
                                                                                                    • Instruction Fuzzy Hash: C021A1B6600204EFEB04DFADDD84EAA7BEAFF84710F11115AFE18C7256D631D9008764
                                                                                                    APIs
                                                                                                    • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 006B0A25
                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 006B0A37
                                                                                                    • SetFileTime.KERNEL32(?,?,?,?), ref: 006B0A4A
                                                                                                    • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,006B0616,?,?), ref: 006B0A59
                                                                                                    Strings
                                                                                                    • Invalid operation for this state., xrefs: 006B09FE
                                                                                                    • cabextract.cpp, xrefs: 006B09F4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Time$File$CloseDateHandleLocal
                                                                                                    • String ID: Invalid operation for this state.$cabextract.cpp
                                                                                                    • API String ID: 609741386-1751360545
                                                                                                    • Opcode ID: 398b2b64024171b4e3496d4ad7c399ba9d0e08de2c5fe453edbfb0097138487c
                                                                                                    • Instruction ID: a334965c3ed54068c02edbbbf1f9fac4f01c1b192b3e569c0267bddb433e7095
                                                                                                    • Opcode Fuzzy Hash: 398b2b64024171b4e3496d4ad7c399ba9d0e08de2c5fe453edbfb0097138487c
                                                                                                    • Instruction Fuzzy Hash: 0321C3B2800319AB9710DFACDC488EB7BBEFE08720B10561AF811E66D1D770EA51CB90
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32 ref: 006D884C
                                                                                                    • SystemTimeToFileTime.KERNEL32(?,00000000), ref: 006D8874
                                                                                                    • GetLastError.KERNEL32 ref: 006D887E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastTime$FileSystem
                                                                                                    • String ID: Qdm$feclient.dll$inetutil.cpp
                                                                                                    • API String ID: 1528435940-1378665842
                                                                                                    • Opcode ID: 403dd73d753aee09b2b84c411ed156d0eaa65a924ee31c23068d163ed42367bb
                                                                                                    • Instruction ID: 45d133eaa276147203cb8537b9bc171f36122f06d21710d01a2a454d7b20c35d
                                                                                                    • Opcode Fuzzy Hash: 403dd73d753aee09b2b84c411ed156d0eaa65a924ee31c23068d163ed42367bb
                                                                                                    • Instruction Fuzzy Hash: A0116672E01229ABE750DBB9CD44BFBB7EDEF44350F12112AAE05E7250E6209D0497E5
                                                                                                    APIs
                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 006D3B98
                                                                                                    • GetLastError.KERNEL32(?,?,00000000), ref: 006D3BA2
                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000000), ref: 006D3BD5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseErrorExecuteHandleLastShell
                                                                                                    • String ID: <$PDGu$shelutil.cpp
                                                                                                    • API String ID: 3023784893-1811064489
                                                                                                    • Opcode ID: b6819cd4c1b3cbb3996f8c714a83e60d513e63e471cc6534813e3f8f59edecb7
                                                                                                    • Instruction ID: 918f5f30ca0a9a4f790ede58c13cf3f52042f8fd38d4cc4337d35f473ce7ccf5
                                                                                                    • Opcode Fuzzy Hash: b6819cd4c1b3cbb3996f8c714a83e60d513e63e471cc6534813e3f8f59edecb7
                                                                                                    • Instruction Fuzzy Hash: 1011E7B5E01228AFDB50DFA9D844ADEBBF9AF08750F00412AFD15E7350E7309A00CBA5
                                                                                                    APIs
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0069997F
                                                                                                    Strings
                                                                                                    • =Si, xrefs: 00699908
                                                                                                    • Condition, xrefs: 0069991A
                                                                                                    • Failed to select condition node., xrefs: 00699936
                                                                                                    • Failed to get Condition inner text., xrefs: 0069994F
                                                                                                    • Failed to copy condition string from BSTR, xrefs: 00699969
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FreeString
                                                                                                    • String ID: =Si$Condition$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.
                                                                                                    • API String ID: 3341692771-1757753766
                                                                                                    • Opcode ID: 453c91b5d8e56d599bba017aec56bcfef4dab4d633ca96bf34a20fddf289443e
                                                                                                    • Instruction ID: 68622b7fc3391662e1698e398a5dc05e4812e92a4a04b65eae9be61da2b2bfe3
                                                                                                    • Opcode Fuzzy Hash: 453c91b5d8e56d599bba017aec56bcfef4dab4d633ca96bf34a20fddf289443e
                                                                                                    • Instruction Fuzzy Hash: 2B11E532D50228BBDF25AA94CD06FAD7B6EAF00750F15015EF800B6350CB719E00D7E0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                    • API String ID: 0-1718035505
                                                                                                    • Opcode ID: 62ded46a8abe2699515cfc3411ef2984118bd1113d8c99af4e7a56433be57651
                                                                                                    • Instruction ID: 18bf425b99905752f7042d31091555c8ca30184dba23582d94adf693e6aa2317
                                                                                                    • Opcode Fuzzy Hash: 62ded46a8abe2699515cfc3411ef2984118bd1113d8c99af4e7a56433be57651
                                                                                                    • Instruction Fuzzy Hash: 2D01AF76E422229B4F326E75BC845FB67DB9A81751311723BEA11C3380EB22C845D7F0
                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00695D8F,00000000), ref: 006D09CF
                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 006D09D6
                                                                                                    • GetLastError.KERNEL32(?,?,?,00695D8F,00000000), ref: 006D09ED
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressErrorHandleLastModuleProc
                                                                                                    • String ID: IsWow64Process$kernel32$procutil.cpp
                                                                                                    • API String ID: 4275029093-1586155540
                                                                                                    • Opcode ID: d3e0970d2a07167ec71b7d8c4ba4298e2e6bd03e3f627355100deffbb14dc17f
                                                                                                    • Instruction ID: 0b1daa663924a1342a5a1eb3b81935cde869b0b3213337452e514db17b9d3543
                                                                                                    • Opcode Fuzzy Hash: d3e0970d2a07167ec71b7d8c4ba4298e2e6bd03e3f627355100deffbb14dc17f
                                                                                                    • Instruction Fuzzy Hash: 49F06872E01329EBE7209FA5DC05AAB7B9AEF04751F025116BD05E7341DB708D00C7E5
                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,006C3382,006C3382,?,?,?,006CA2AA,00000001,00000001,E3E85006), ref: 006CA0B3
                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,006CA2AA,00000001,00000001,E3E85006,?,?,?), ref: 006CA139
                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,E3E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 006CA233
                                                                                                    • __freea.LIBCMT ref: 006CA240
                                                                                                      • Part of subcall function 006C5154: HeapAlloc.KERNEL32(00000000,?,?,?,006C1E90,?,0000015D,?,?,?,?,006C32E9,000000FF,00000000,?,?), ref: 006C5186
                                                                                                    • __freea.LIBCMT ref: 006CA249
                                                                                                    • __freea.LIBCMT ref: 006CA26E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide__freea$AllocHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 3147120248-0
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: lstrlen
                                                                                                    • String ID: Qdm$dlutil.cpp$msasn1.dll
                                                                                                    • API String ID: 1659193697-3999546876
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 006AF6D0
                                                                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 006AF81D
                                                                                                    Strings
                                                                                                    • Failed to recreate command-line for update bundle., xrefs: 006AF79C
                                                                                                    • update\%ls, xrefs: 006AF72E
                                                                                                    • Failed to set update bundle., xrefs: 006AF7F3
                                                                                                    • Failed to default local update source, xrefs: 006AF742
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: Failed to default local update source$Failed to recreate command-line for update bundle.$Failed to set update bundle.$update\%ls
                                                                                                    • API String ID: 3168844106-1266646976
                                                                                                    APIs
                                                                                                    • Sleep.KERNEL32(000007D0,00000000,00000000), ref: 006A8B0F
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Sleep
                                                                                                    • String ID: Failed to calculate cache path.$Failed to get %hs package cache root directory.$Failed to get old %hs package cache root directory.$per-machine$per-user
                                                                                                    • API String ID: 3472027048-398165853
                                                                                                    APIs
                                                                                                    • DefWindowProcW.USER32(?,00000082,?,?), ref: 006AE734
                                                                                                    • SetWindowLongW.USER32(?,000000EB,00000000), ref: 006AE743
                                                                                                    • SetWindowLongW.USER32(?,000000EB,?), ref: 006AE757
                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 006AE767
                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 006AE781
                                                                                                    • PostQuitMessage.USER32(00000000), ref: 006AE7DE
                                                                                                    Similarity
                                                                                                    • API ID: Window$Long$Proc$MessagePostQuit
                                                                                                    • String ID:
                                                                                                    • API String ID: 3812958022-0
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • Unexpected elevated message sent to child process, msg: %u, xrefs: 006AC794
                                                                                                    • Failed to save state., xrefs: 006AC661
                                                                                                    • elevation.cpp, xrefs: 006AC788
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandleMutexRelease
                                                                                                    • String ID: Failed to save state.$Unexpected elevated message sent to child process, msg: %u$elevation.cpp
                                                                                                    • API String ID: 4207627910-1576875097
                                                                                                    APIs
                                                                                                    • RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 006D10ED
                                                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,006A6EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 006D1126
                                                                                                    • lstrlenW.KERNEL32(?,?,?,00000000,?,-00000001,00000004,00000000), ref: 006D121A
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$lstrlen
                                                                                                    • String ID: BundleUpgradeCode$regutil.cpp
                                                                                                    • API String ID: 3790715954-1648651458
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D47D3: SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,006A8564,00000000,00000000,00000000,00000000,00000000), ref: 006D47EB
                                                                                                      • Part of subcall function 006D47D3: GetLastError.KERNEL32(?,?,?,006A8564,00000000,00000000,00000000,00000000,00000000), ref: 006D47F5
                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,006D5AC5,?,?,?,?,?,?,?,00010000,?), ref: 006D6263
                                                                                                    • WriteFile.KERNEL32(000000FF,00000008,00000008,?,00000000,000000FF,00000000,00000000,00000000,00000000,?,006D5AC5,?,?,?,?), ref: 006D62B5
                                                                                                    • GetLastError.KERNEL32(?,006D5AC5,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 006D62FB
                                                                                                    • GetLastError.KERNEL32(?,006D5AC5,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 006D6321
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLast$Write$Pointer
                                                                                                    • String ID: dlutil.cpp
                                                                                                    • API String ID: 133221148-2067379296
                                                                                                    APIs
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,006CFEE7,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,006CFEE7,?,00000000,00000000), ref: 0069247C
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,006CFEE7,?,00000000,00000000,0000FDE9), ref: 00692488
                                                                                                      • Part of subcall function 00693B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,006921DC,000001C7,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 00693B59
                                                                                                      • Part of subcall function 00693B51: HeapSize.KERNEL32(00000000,?,006921DC,000001C7,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 00693B60
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                    • String ID: strutil.cpp
                                                                                                    • API String ID: 3662877508-3612885251
                                                                                                    Strings
                                                                                                    • Failed to extract payload: %ls from container: %ls, xrefs: 006BABE3
                                                                                                    • Failed to extract all payloads from container: %ls, xrefs: 006BAB9C
                                                                                                    • Failed to open container: %ls., xrefs: 006BAB2A
                                                                                                    • Failed to skip the extraction of payload: %ls from container: %ls, xrefs: 006BABEF
                                                                                                    Similarity
                                                                                                    • API ID: CreateErrorFileLast
                                                                                                    • String ID: Failed to extract all payloads from container: %ls$Failed to extract payload: %ls from container: %ls$Failed to open container: %ls.$Failed to skip the extraction of payload: %ls from container: %ls
                                                                                                    • API String ID: 1214770103-3891707333
                                                                                                    APIs
                                                                                                    • MoveFileExW.KERNEL32(00000003,00000001,00000000,00000000,00000101,?,006D4203,00000003,00000001,00000001,000007D0,00000003,00000000,?,006A9E5F,00000000), ref: 006D40ED
                                                                                                    • GetLastError.KERNEL32(00000001,?,006D4203,00000003,00000001,00000001,000007D0,00000003,00000000,?,006A9E5F,00000000,000007D0,00000001,00000001,00000003), ref: 006D40FC
                                                                                                    • MoveFileExW.KERNEL32(00000003,00000001,000007D0,00000001,00000000,?,006D4203,00000003,00000001,00000001,000007D0,00000003,00000000,?,006A9E5F,00000000), ref: 006D417F
                                                                                                    • GetLastError.KERNEL32(?,006D4203,00000003,00000001,00000001,000007D0,00000003,00000000,?,006A9E5F,00000000,000007D0,00000001,00000001,00000003,000007D0), ref: 006D4189
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastMove
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 55378915-2967768451
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D4315: FindFirstFileW.KERNEL32(006B8FFA,?,000002C0,00000000,00000000), ref: 006D4350
                                                                                                      • Part of subcall function 006D4315: FindClose.KERNEL32(00000000), ref: 006D435C
                                                                                                    • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll), ref: 006D4305
                                                                                                      • Part of subcall function 006D0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                      • Part of subcall function 006D10C5: RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 006D10ED
                                                                                                      • Part of subcall function 006D10C5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,006A6EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 006D1126
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseFindQueryValue$FileFirstOpen
                                                                                                    • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
                                                                                                    • API String ID: 3397690329-3978359083
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,00000001,000000FF,?,000000FF,00000001,PackageVersion,00000001,?,006A04CB,00000001,00000001,00000001,006A04CB,00000000), ref: 0069EF70
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,PackageVersion,00000001,?,006A04CB,00000001,00000001,00000001,006A04CB,00000000,00000001,00000002,006A04CB,00000001), ref: 0069EF87
                                                                                                    Strings
                                                                                                    • Failed to format key for update registration., xrefs: 0069EF26
                                                                                                    • Failed to remove update registration key: %ls, xrefs: 0069EFB4
                                                                                                    • PackageVersion, xrefs: 0069EF51
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseCompareString
                                                                                                    • String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion
                                                                                                    • API String ID: 446873843-3222553582
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0069EE4A
                                                                                                      • Part of subcall function 006D4038: SetFileAttributesW.KERNEL32(006B8FFA,00000080,00000000,006B8FFA,000000FF,00000000,?,?,006B8FFA), ref: 006D4067
                                                                                                      • Part of subcall function 006D4038: GetLastError.KERNEL32(?,?,006B8FFA), ref: 006D4071
                                                                                                      • Part of subcall function 00693B6A: RemoveDirectoryW.KERNEL32(00000001,00000000,00000000,00000000,?,?,0069EE95,00000001,00000000,00000095,00000001,006A04DA,00000095,00000000,swidtag,00000001), ref: 00693B87
                                                                                                    Strings
                                                                                                    • Failed to format tag folder path., xrefs: 0069EEB7
                                                                                                    • Failed to allocate regid folder path., xrefs: 0069EEB0
                                                                                                    • swidtag, xrefs: 0069EE59
                                                                                                    • Failed to allocate regid file path., xrefs: 0069EEA9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AttributesDirectoryErrorFileLastOpen@16Remove
                                                                                                    • String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to format tag folder path.$swidtag
                                                                                                    • API String ID: 1428973842-4170906717
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                    • CompareStringW.KERNEL32(00000000,00000001,00000000,000000FF,?,000000FF,00000000,00000000,00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4), ref: 006B8BF7
                                                                                                    • RegCloseKey.ADVAPI32(00000000,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,00000000,00000100,00000100,000001B4,?,?,?,0069F66B,00000001,00000100,000001B4,00000000), ref: 006B8C45
                                                                                                    Strings
                                                                                                    • Failed to enumerate uninstall key for related bundles., xrefs: 006B8C56
                                                                                                    • Failed to open uninstall registry key., xrefs: 006B8BBA
                                                                                                    • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 006B8B94
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseCompareOpenString
                                                                                                    • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                    • API String ID: 2817536665-2531018330
                                                                                                    APIs
                                                                                                    • CopyFileW.KERNEL32(00000000,00694CB6,00000000,?,?,00000000,?,006D4012,00000000,00694CB6,00000000,00000000,?,006A83E2,?,?), ref: 006D3F1E
                                                                                                    • GetLastError.KERNEL32(?,006D4012,00000000,00694CB6,00000000,00000000,?,006A83E2,?,?,00000001,00000003,000007D0,?,?,?), ref: 006D3F2C
                                                                                                    • CopyFileW.KERNEL32(00000000,00694CB6,00000000,00694CB6,00000000,?,006D4012,00000000,00694CB6,00000000,00000000,?,006A83E2,?,?,00000001), ref: 006D3F92
                                                                                                    • GetLastError.KERNEL32(?,006D4012,00000000,00694CB6,00000000,00000000,?,006A83E2,?,?,00000001,00000003,000007D0,?,?,?), ref: 006D3F9C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CopyErrorFileLast
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 374144340-2967768451
                                                                                                    APIs
                                                                                                    • VariantInit.OLEAUT32(?), ref: 006D31DD
                                                                                                    • SysAllocString.OLEAUT32(?), ref: 006D31F9
                                                                                                    • VariantClear.OLEAUT32(?), ref: 006D3280
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D328B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: StringVariant$AllocClearFreeInit
                                                                                                    • String ID: xmlutil.cpp
                                                                                                    • API String ID: 760788290-1270936966
                                                                                                    APIs
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 006BD0DC
                                                                                                    • ReleaseMutex.KERNEL32(?), ref: 006BD10A
                                                                                                    • SetEvent.KERNEL32(?), ref: 006BD113
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
                                                                                                    • String ID: Failed to allocate buffer.$NetFxChainer.cpp
                                                                                                    • API String ID: 944053411-3611226795
                                                                                                    • Opcode ID: 84a0f34a0a0dc5500bbf08ab7e63bcfb7d8382af624a145169bad7f6d1ef639a
                                                                                                    • Instruction ID: 2b120e82b83b78e1f61d292f0f1ab304e4dddba6db66d219ec1d7f4c6693706b
                                                                                                    • Opcode Fuzzy Hash: 84a0f34a0a0dc5500bbf08ab7e63bcfb7d8382af624a145169bad7f6d1ef639a
                                                                                                    • Instruction Fuzzy Hash: 5021E5B4A0030AFFDB109F68DC44AA9B7F6FF08314F108629F9249B351D771A990CB50
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,00000000,00000007,0069648B,0069648B,?,0069554A,?,?,00000000), ref: 006955F2
                                                                                                    • GetLastError.KERNEL32(?,0069554A,?,?,00000000,?,00000000,0069648B,?,00697DDC,?,?,?,?,?), ref: 00695621
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CompareErrorLastString
                                                                                                    • String ID: Failed to compare strings.$variable.cpp$version.dll
                                                                                                    • API String ID: 1733990998-4228644734
                                                                                                    • Opcode ID: 44589fb58c5e57e76dfa15d124afed1e5bafcd103b5145706533cb7ab510d19a
                                                                                                    • Instruction ID: c6c866195cc1ea4120673ccda36024458e438d021b7aacfecb8f00828f95fb87
                                                                                                    • Opcode Fuzzy Hash: 44589fb58c5e57e76dfa15d124afed1e5bafcd103b5145706533cb7ab510d19a
                                                                                                    • Instruction Fuzzy Hash: 7A213E32A01614EFCB118FACCC41A99B7AAEF09760F610319F815EB7E0D630DD02C790
                                                                                                    APIs
                                                                                                    • QueryServiceConfigW.ADVAPI32(00000000,00000000,00000000,?,00000001,00000000,?,?,006B68CE,00000000,?), ref: 006D57D5
                                                                                                    • GetLastError.KERNEL32(?,?,006B68CE,00000000,?,?,?,?,?,?,?,?,?,006B6CE1,?,?), ref: 006D57E3
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • QueryServiceConfigW.ADVAPI32(00000000,00000000,?,?,?,00000001,?,?,006B68CE,00000000,?), ref: 006D581D
                                                                                                    • GetLastError.KERNEL32(?,?,006B68CE,00000000,?,?,?,?,?,?,?,?,?,006B6CE1,?,?), ref: 006D5827
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ConfigErrorHeapLastQueryService$AllocateProcess
                                                                                                    • String ID: svcutil.cpp
                                                                                                    • API String ID: 355237494-1746323212
                                                                                                    • Opcode ID: fe8847f89680cb35c52dd70dea5512be1ae166323c0b4f0b80e2e10190878dbf
                                                                                                    • Instruction ID: e19ed5de00ffab00eeea85d95db274c8c0c01af0717cccce6ef5b8a695dc8904
                                                                                                    • Opcode Fuzzy Hash: fe8847f89680cb35c52dd70dea5512be1ae166323c0b4f0b80e2e10190878dbf
                                                                                                    • Instruction Fuzzy Hash: 8721C636E41634FBEB205A568D05BAB7AAFDF44790F12011BFD16EB710D661CD01A6E0
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _memcpy_s
                                                                                                    • String ID: Failed to find variable.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$condition.cpp
                                                                                                    • API String ID: 2001391462-1605196437
                                                                                                    • Opcode ID: 85df96026d485a810e71ade2d03b559faa8a7754e71beee80a61f481868d4095
                                                                                                    • Instruction ID: 804b2c5596e0c28dbeda7e84a790c257f496f8ee0a352eed743b1c1f054fea56
                                                                                                    • Opcode Fuzzy Hash: 85df96026d485a810e71ade2d03b559faa8a7754e71beee80a61f481868d4095
                                                                                                    • Instruction Fuzzy Hash: 5811C8726902247ADF513DACDC86E973A5FDB06720F04005EF9045EB92CA62C91087B5
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 00699D25
                                                                                                    Strings
                                                                                                    • File search: %ls, did not find path: %ls, xrefs: 00699D90
                                                                                                    • Failed to set variable., xrefs: 00699D84
                                                                                                    • Failed get file version., xrefs: 00699D65
                                                                                                    • Failed to format path string., xrefs: 00699D30
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Open@16
                                                                                                    • String ID: Failed get file version.$Failed to format path string.$Failed to set variable.$File search: %ls, did not find path: %ls
                                                                                                    • API String ID: 3613110473-2458530209
                                                                                                    • Opcode ID: 296a9729c76187fec84919a02cc2c9dfed6313d13b8c973b5f5e933e2aba2c0e
                                                                                                    • Instruction ID: 009fe9eb66cf7b53493c7df3b0e48fe8b44519c7a460c0323956327d75109d49
                                                                                                    • Opcode Fuzzy Hash: 296a9729c76187fec84919a02cc2c9dfed6313d13b8c973b5f5e933e2aba2c0e
                                                                                                    • Instruction Fuzzy Hash: 4811B136D00529BBCF526EA88C829AEBB2EEF00310F15416AF80466611D6325E6497E1
                                                                                                    APIs
                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,006A51A4), ref: 006A48CC
                                                                                                    Strings
                                                                                                    • pipe.cpp, xrefs: 006A4904
                                                                                                    • Failed to allocate message to write., xrefs: 006A48AB
                                                                                                    • Failed to write message type to pipe., xrefs: 006A490E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite
                                                                                                    • String ID: Failed to allocate message to write.$Failed to write message type to pipe.$pipe.cpp
                                                                                                    • API String ID: 3934441357-1996674626
                                                                                                    • Opcode ID: 96123d33cd23b84ec0f41f61f15626f7ede4aadcf96580bd45595e45607fb89a
                                                                                                    • Instruction ID: 036b9cf9ec2bf39819bb27234a0262c9f156123bf57a16e233c0e42c7e2cc61e
                                                                                                    • Opcode Fuzzy Hash: 96123d33cd23b84ec0f41f61f15626f7ede4aadcf96580bd45595e45607fb89a
                                                                                                    • Instruction Fuzzy Hash: D911A272901219FFDB11EF99DD05ADF7BEBEB85340F110166F800A6250DBB09E50DAA4
                                                                                                    APIs
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • CreateWellKnownSid.ADVAPI32(00000000,00000000,00000000,00000000,00000044,00000001,00000000,00000000,?,?,006A8C10,0000001A,00000000,?,00000000,00000000), ref: 006A804C
                                                                                                    • GetLastError.KERNEL32(?,?,006A8C10,0000001A,00000000,?,00000000,00000000,?,?,00000000,00000000,?,?,-00000004,00000000), ref: 006A8056
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$AllocateCreateErrorKnownLastProcessWell
                                                                                                    • String ID: Failed to allocate memory for well known SID.$Failed to create well known SID.$cache.cpp
                                                                                                    • API String ID: 2186923214-2110050797
                                                                                                    • Opcode ID: 1223f8a2ea4dff9b6ced569ff7384648ae2c39d90aa45706499f0a769be379a5
                                                                                                    • Instruction ID: 4940b51bab96b3bbe06695090ff46a627c641917311122c80e1780a36a58ff23
                                                                                                    • Opcode Fuzzy Hash: 1223f8a2ea4dff9b6ced569ff7384648ae2c39d90aa45706499f0a769be379a5
                                                                                                    • Instruction Fuzzy Hash: 8C010C72A51324BEE760767A9C06F5B6A9FDF41B60F12001BFD04EB340ED658D0156E4
                                                                                                    APIs
                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000003E8,000004FF), ref: 006BDB95
                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 006BDBBF
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,006BDD8F,00000000,?,?,?,00000001,00000000), ref: 006BDBC7
                                                                                                    Strings
                                                                                                    • bitsengine.cpp, xrefs: 006BDBEB
                                                                                                    • Failed while waiting for download., xrefs: 006BDBF5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessageMultipleObjectsPeekWait
                                                                                                    • String ID: Failed while waiting for download.$bitsengine.cpp
                                                                                                    • API String ID: 435350009-228655868
                                                                                                    • Opcode ID: eca6696a6c79bfd562ba5f530bc6d38b738297e19664924457c11bb5d707bdd0
                                                                                                    • Instruction ID: 22a21616717d7a2791826ef0b375596d5b6f9e13fa5f605eed4b082716e5f975
                                                                                                    • Opcode Fuzzy Hash: eca6696a6c79bfd562ba5f530bc6d38b738297e19664924457c11bb5d707bdd0
                                                                                                    • Instruction Fuzzy Hash: 511123B3B41325B7E7105AB99C45EDB7B9EEF05750F020126FD04EA2C4D5615D4086E4
                                                                                                    APIs
                                                                                                    • GetComputerNameW.KERNEL32(?,00000010), ref: 00695E39
                                                                                                    • GetLastError.KERNEL32 ref: 00695E43
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ComputerErrorLastName
                                                                                                    • String ID: Failed to get computer name.$Failed to set variant value.$variable.cpp
                                                                                                    • API String ID: 3560734967-484636765
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(?), ref: 00695D83
                                                                                                      • Part of subcall function 006D09BB: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00695D8F,00000000), ref: 006D09CF
                                                                                                      • Part of subcall function 006D09BB: GetProcAddress.KERNEL32(00000000), ref: 006D09D6
                                                                                                      • Part of subcall function 006D09BB: GetLastError.KERNEL32(?,?,?,00695D8F,00000000), ref: 006D09ED
                                                                                                      • Part of subcall function 006D3BF7: SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 006D3C24
                                                                                                    Strings
                                                                                                    • Failed to get shell folder., xrefs: 00695DB7
                                                                                                    • variable.cpp, xrefs: 00695DAD
                                                                                                    • Failed to get 64-bit folder., xrefs: 00695DCD
                                                                                                    • Failed to set variant value., xrefs: 00695DE7
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressCurrentErrorFolderHandleLastModulePathProcProcess
                                                                                                    • String ID: Failed to get 64-bit folder.$Failed to get shell folder.$Failed to set variant value.$variable.cpp
                                                                                                    • API String ID: 2084161155-3906113122
                                                                                                    APIs
                                                                                                    • GetTempPathW.KERNEL32(00000104,?), ref: 0069667D
                                                                                                    • GetLastError.KERNEL32 ref: 00696687
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastPathTemp
                                                                                                    • String ID: Failed to get temp path.$Failed to set variant value.$variable.cpp
                                                                                                    • API String ID: 1238063741-2915113195
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D4315: FindFirstFileW.KERNEL32(006B8FFA,?,000002C0,00000000,00000000), ref: 006D4350
                                                                                                      • Part of subcall function 006D4315: FindClose.KERNEL32(00000000), ref: 006D435C
                                                                                                    • SetFileAttributesW.KERNEL32(006B8FFA,00000080,00000000,006B8FFA,000000FF,00000000,?,?,006B8FFA), ref: 006D4067
                                                                                                    • GetLastError.KERNEL32(?,?,006B8FFA), ref: 006D4071
                                                                                                    • DeleteFileW.KERNEL32(006B8FFA,00000000,006B8FFA,000000FF,00000000,?,?,006B8FFA), ref: 006D4090
                                                                                                    • GetLastError.KERNEL32(?,?,006B8FFA), ref: 006D409A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 3967264933-2967768451
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 006BD7E1
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 006BD826
                                                                                                    • SetEvent.KERNEL32(?,?,?,?), ref: 006BD83A
                                                                                                    Strings
                                                                                                    • Failed to get state during job modification., xrefs: 006BD7FA
                                                                                                    • Failure while sending progress during BITS job modification., xrefs: 006BD815
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterEventLeave
                                                                                                    • String ID: Failed to get state during job modification.$Failure while sending progress during BITS job modification.
                                                                                                    • API String ID: 3094578987-1258544340
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(00000008,?,00000000,00000000,00000000,?,006BDBB5), ref: 006BDA59
                                                                                                    • LeaveCriticalSection.KERNEL32(00000008,?,006BDBB5), ref: 006BDA9E
                                                                                                    • SetEvent.KERNEL32(?,?,006BDBB5), ref: 006BDAB2
                                                                                                    Strings
                                                                                                    • Failed to get BITS job state., xrefs: 006BDA72
                                                                                                    • Failure while sending progress., xrefs: 006BDA8D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterEventLeave
                                                                                                    • String ID: Failed to get BITS job state.$Failure while sending progress.
                                                                                                    • API String ID: 3094578987-2876445054
                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(00000008,00000000,00000000,?,006BDD19,?,?,?,?,?,00000001,00000000,?), ref: 006BD5C9
                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,006BDD19,?,?,?,?,?,00000001,00000000,?), ref: 006BD5D4
                                                                                                    • GetLastError.KERNEL32(?,006BDD19,?,?,?,?,?,00000001,00000000,?), ref: 006BD5E1
                                                                                                    Strings
                                                                                                    • bitsengine.cpp, xrefs: 006BD605
                                                                                                    • Failed to create BITS job complete event., xrefs: 006BD60F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateCriticalErrorEventInitializeLastSection
                                                                                                    • String ID: Failed to create BITS job complete event.$bitsengine.cpp
                                                                                                    • API String ID: 3069647169-3441864216
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,006A6E4B,000000B8,00000000,?,00000000,75A8B390), ref: 0069D3AC
                                                                                                    • InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 0069D3BB
                                                                                                    • LeaveCriticalSection.KERNEL32(000000D0,?,006A6E4B,000000B8,00000000,?,00000000,75A8B390), ref: 0069D3D0
                                                                                                    Strings
                                                                                                    • Engine active cannot be changed because it was already in that state., xrefs: 0069D3F3
                                                                                                    • userexperience.cpp, xrefs: 0069D3E9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
                                                                                                    • String ID: Engine active cannot be changed because it was already in that state.$userexperience.cpp
                                                                                                    • API String ID: 3376869089-1544469594
                                                                                                    APIs
                                                                                                    • GetProcAddress.KERNEL32(SRSetRestorePointW,srclient.dll), ref: 006D1B53
                                                                                                    • GetLastError.KERNEL32(?,006948D4,00000001,?,?,0069444C,?,?,?,?,0069535E,?,?,?,?), ref: 006D1B62
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressErrorLastProc
                                                                                                    • String ID: SRSetRestorePointW$srclient.dll$srputil.cpp
                                                                                                    • API String ID: 199729137-398595594
                                                                                                    APIs
                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,006C4848,00000000,?,006C47E8,00000000,006F7CF8,0000000C,006C493F,00000000,00000002), ref: 006C48B7
                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 006C48CA
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,006C4848,00000000,?,006C47E8,00000000,006F7CF8,0000000C,006C493F,00000000,00000002), ref: 006C48ED
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                     • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                    • RegCloseKey.ADVAPI32(00000001,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019,00000001,00000000,00000000,00020019,00000000,00000001), ref: 006D9457
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019), ref: 006D9492
                                                                                                    • RegCloseKey.ADVAPI32(00000001,00000001,00020019,00000000,00000000,00000000,00000000), ref: 006D94AE
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000), ref: 006D94BB
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000), ref: 006D94C8
                                                                                                      • Part of subcall function 006D0B49: RegCloseKey.ADVAPI32(00000000), ref: 006D0CA0
                                                                                                      • Part of subcall function 006D0E9B: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,006D9444,00000001), ref: 006D0EB3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                     • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Close$InfoOpenQuery
                                                                                                    • String ID:
                                                                                                    • API String ID: 796878624-0
                                                                                                    APIs
                                                                                                    • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,00698A9E,006995E7,?,006995E7,?,?,006995E7,?,?), ref: 006988FE
                                                                                                    • lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,00698A9E,006995E7,?,006995E7,?,?,006995E7,?,?), ref: 00698906
                                                                                                    • CompareStringW.KERNEL32(0000007F,?,?,?,?,00000000,?,00000000,00000000,?,?,00698A9E,006995E7,?,006995E7,?), ref: 00698955
                                                                                                    • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,00698A9E,006995E7,?,006995E7,?), ref: 006989B7
                                                                                                    • CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,00000000,00000000,?,?,00698A9E,006995E7,?,006995E7,?), ref: 006989E4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                     • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CompareString$lstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 1657112622-0
                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(8007139F,00000000,?,?,00000000,00000000,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 00692202
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 0069220E
                                                                                                      • Part of subcall function 00693B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,006921DC,000001C7,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 00693B59
                                                                                                      • Part of subcall function 00693B51: HeapSize.KERNEL32(00000000,?,006921DC,000001C7,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 00693B60
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                     • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
                                                                                                    • String ID: strutil.cpp
                                                                                                    • API String ID: 3662877508-3612885251
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(006952B5,WixBundleOriginalSource,?,?,006AA41D,006953B5,WixBundleOriginalSource,=Si,006FAA90,?,00000000,0069533D,?,006A7587,?,?), ref: 0069739A
                                                                                                    • LeaveCriticalSection.KERNEL32(006952B5,006952B5,00000000,00000000,?,?,006AA41D,006953B5,WixBundleOriginalSource,=Si,006FAA90,?,00000000,0069533D,?,006A7587), ref: 00697401
                                                                                                    Strings
                                                                                                    • Failed to get value of variable: %ls, xrefs: 006973D4
                                                                                                    • WixBundleOriginalSource, xrefs: 00697396
                                                                                                    • Failed to get value as string for variable: %ls, xrefs: 006973F0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                     • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls$WixBundleOriginalSource
                                                                                                    • API String ID: 3168844106-30613933
                                                                                                    APIs
                                                                                                    • CloseHandle.KERNEL32(?,00000000,?,00000000,?,006BCEEB,00000000), ref: 006BCF10
                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,006BCEEB,00000000), ref: 006BCF1C
                                                                                                    • CloseHandle.KERNEL32(006DB508,00000000,?,00000000,?,006BCEEB,00000000), ref: 006BCF29
                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,006BCEEB,00000000), ref: 006BCF36
                                                                                                    • UnmapViewOfFile.KERNEL32(006DB4D8,00000000,?,006BCEEB,00000000), ref: 006BCF45
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                     • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle$FileUnmapView
                                                                                                    • String ID:
                                                                                                    • API String ID: 260491571-0
                                                                                                    APIs
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D7B2C
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D7B37
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D7B42
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                     • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FreeString$Heap$AllocateProcess
                                                                                                    • String ID: atomutil.cpp
                                                                                                    • API String ID: 2724874077-4059165915
                                                                                                    APIs
                                                                                                    • VariantInit.OLEAUT32(000002C0), ref: 006D35BE
                                                                                                    • SysAllocString.OLEAUT32(?), ref: 006D35CE
                                                                                                    • VariantClear.OLEAUT32(?), ref: 006D36AF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                     • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                     • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Variant$AllocClearInitString
                                                                                                    • String ID: xmlutil.cpp
                                                                                                    • API String ID: 2213243845-1270936966
                                                                                                    APIs
                                                                                                    • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,006B8BD8), ref: 006D0D77
                                                                                                    • RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,006B8BD8,00000000), ref: 006D0D99
                                                                                                    • RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000003,?,?,006B8BD8,00000000,00000000,00000000), ref: 006D0DF1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Enum$InfoQuery
                                                                                                    • String ID: regutil.cpp
                                                                                                    • API String ID: 73471667-955085611
                                                                                                    • Opcode ID: a3c0a95658a4215513130c4af4744ff4eef792908ba9ca46e8d36f680ed1b2a4
                                                                                                    • Instruction ID: 2c922b0fb2987afbc3d7925374abb5194e22c2df064c0f4e962dcbf1d7bbca5e
                                                                                                    • Opcode Fuzzy Hash: a3c0a95658a4215513130c4af4744ff4eef792908ba9ca46e8d36f680ed1b2a4
                                                                                                    • Instruction Fuzzy Hash: 5E316FB6D01129BFFB218A998D40AABB7AEEF08350F114167BD04EB250D7319E1196A4
                                                                                                    APIs
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D79AA
                                                                                                    • SysFreeString.OLEAUT32(?), ref: 006D79B5
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D79C0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FreeString$Heap$AllocateProcess
                                                                                                    • String ID: atomutil.cpp
                                                                                                    • API String ID: 2724874077-4059165915
                                                                                                    • Opcode ID: 4e05cd74ef5cc9328ff934e76dd94ea6050f458f0b19fd256d2be166a6c59edc
                                                                                                    • Instruction ID: e8ef78c163d670613f4c983de3ddd85fd8fe9eaca64cb6fa7bbcab1da259bb56
                                                                                                    • Opcode Fuzzy Hash: 4e05cd74ef5cc9328ff934e76dd94ea6050f458f0b19fd256d2be166a6c59edc
                                                                                                    • Instruction Fuzzy Hash: 8C318273D05229BFDB12ABA4CC55AAEB7AAAF44710F0141A6F904AF310E770DD049BA1
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000088,00000000,000002C0,00000410,00020019,00000000,000002C0,00000000,?,?,?,006B8C14,00000000,00000000), ref: 006B898C
                                                                                                    Strings
                                                                                                    • Failed to ensure there is space for related bundles., xrefs: 006B893F
                                                                                                    • Failed to initialize package from related bundle id: %ls, xrefs: 006B8972
                                                                                                    • Failed to open uninstall key for potential related bundle: %ls, xrefs: 006B88FB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen
                                                                                                    • String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
                                                                                                    • API String ID: 47109696-1717420724
                                                                                                    • Opcode ID: 2ec4abb58cb8eeb430ee4aff4bf26c819d246107dab21be183af5809f957372e
                                                                                                    • Instruction ID: b7350ae86edf91b90d4baf50d07cfcf1d1e0af383e4ab00ca39e7998dee66655
                                                                                                    • Opcode Fuzzy Hash: 2ec4abb58cb8eeb430ee4aff4bf26c819d246107dab21be183af5809f957372e
                                                                                                    • Instruction Fuzzy Hash: 0021927294021AFFDF12AE88CC02BFEBB6EEB00710F144159F90067150DB319A60EB91
                                                                                                    APIs
                                                                                                    • GetProcessHeap.KERNEL32(00000010,00000000,80004005,00000000,00000000,00000100,?,00691472,00000000,80004005,00000000,80004005,00000000,000001C7,?,006913B7), ref: 00693AB2
                                                                                                    • HeapReAlloc.KERNEL32(00000000,?,00691472,00000000,80004005,00000000,80004005,00000000,000001C7,?,006913B7,000001C7,00000100,?,80004005,00000000), ref: 00693AB9
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                      • Part of subcall function 00693B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,006921DC,000001C7,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 00693B59
                                                                                                      • Part of subcall function 00693B51: HeapSize.KERNEL32(00000000,?,006921DC,000001C7,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 00693B60
                                                                                                    • _memcpy_s.LIBCMT ref: 00693B04
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$Process$AllocAllocateSize_memcpy_s
                                                                                                    • String ID: memutil.cpp
                                                                                                    • API String ID: 3406509257-2429405624
                                                                                                    • Opcode ID: f2708e82fd43d6e6e9a9d4aa901e7c519b7478d473c6c9e51fcddd575977f1f8
                                                                                                    • Instruction ID: c4580a568de97d1aee9819d6bad589d87fe626a03c18323cc9d62840f719be77
                                                                                                    • Opcode Fuzzy Hash: f2708e82fd43d6e6e9a9d4aa901e7c519b7478d473c6c9e51fcddd575977f1f8
                                                                                                    • Instruction Fuzzy Hash: F6110F31602238AFDF212E68DC45DAA3A5FDF64760B010219F9248B794C771CE5093A4
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                    • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,006A3E61,feclient.dll,?,00000000,?,?,?,00694A0C), ref: 006A39F1
                                                                                                      • Part of subcall function 006D0F6E: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 006D0FE4
                                                                                                      • Part of subcall function 006D0F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 006D101F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$CloseOpen
                                                                                                    • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
                                                                                                    • API String ID: 1586453840-3596319545
                                                                                                    • Opcode ID: 5e0aa6e6d10bbaff4614c7437647fcf4005458c3121a67159fb160b31d538316
                                                                                                    • Instruction ID: 5b6098997f659e74d728d90a2d0612762df71b77d8fbded7126713c09a75702d
                                                                                                    • Opcode Fuzzy Hash: 5e0aa6e6d10bbaff4614c7437647fcf4005458c3121a67159fb160b31d538316
                                                                                                    • Instruction Fuzzy Hash: 29119332A40328BBDB21AA95CD46AEFB7BAEF02741F504066F50597350F6B15F81DB50
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D5D7F: lstrlenW.KERNEL32(?), ref: 006D5E3D
                                                                                                      • Part of subcall function 006D5D7F: lstrlenW.KERNEL32(?), ref: 006D5E55
                                                                                                      • Part of subcall function 006D88BE: GetLastError.KERNEL32(?,?,Qdm,006D5C11,feclient.dll,006DB4C0,006DB508,006DB4F0,HEAD,00000000,006DB4D8,Qdm,00000000,?,?,00000000), ref: 006D88E8
                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(006DB478,feclient.dll,006DB478,feclient.dll,006DB4C0,006DB508,006DB4F0,HEAD,00000000,006DB4D8,Qdm,00000000,?,?,00000000,00000000), ref: 006D5C3D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Timelstrlen$ErrorFileLastSystem
                                                                                                    • String ID: HEAD$Qdm$feclient.dll
                                                                                                    • API String ID: 451455982-3523278029
                                                                                                    • Opcode ID: 59db176e5d7f498fafe6d7babdb9479364a6bb080fd6c76af571d0f8248ae229
                                                                                                    • Instruction ID: 7f02677fb8416992ba830cea116c0999f24c32e8e14496b7ae498551f21e46a5
                                                                                                    • Opcode Fuzzy Hash: 59db176e5d7f498fafe6d7babdb9479364a6bb080fd6c76af571d0f8248ae229
                                                                                                    • Instruction Fuzzy Hash: BD216F76D0160DAFCB01DFA4CD809EEB7BAFF49354B11412AF905A3310EB319E509AA1
                                                                                                    APIs
                                                                                                    • lstrlenA.KERNEL32(?,00000000,00000000,00000000,?,?,006CFF0B,?,?,00000000,00000000,0000FDE9), ref: 006D066A
                                                                                                    • WriteFile.KERNEL32(FFFFFFFF,00000000,00000000,00000000,00000000,?,?,006CFF0B,?,?,00000000,00000000,0000FDE9), ref: 006D06A6
                                                                                                    • GetLastError.KERNEL32(?,?,006CFF0B,?,?,00000000,00000000,0000FDE9), ref: 006D06B0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastWritelstrlen
                                                                                                    • String ID: logutil.cpp
                                                                                                    • API String ID: 606256338-3545173039
                                                                                                    • Opcode ID: 25ebcad2ead243d6cabd7885e833edacd1c0686a78fa4c9a37ae107eed926476
                                                                                                    • Instruction ID: 9dedd9ff5e85fab66420b4f3f2ca26cb7dae3a7514aefcfc3e3dd1bbe2c7f719
                                                                                                    • Opcode Fuzzy Hash: 25ebcad2ead243d6cabd7885e833edacd1c0686a78fa4c9a37ae107eed926476
                                                                                                    • Instruction Fuzzy Hash: 1511C672E01225ABA7109AAA9C44EEFBB6EEBC4760F014216FD05D7340D630DD10C6F4
                                                                                                    APIs
                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,00000002,00000000,?,?,006BD1DC,00000000,00000000,00000000,?), ref: 006BCF66
                                                                                                    • ReleaseMutex.KERNEL32(?,?,006BD1DC,00000000,00000000,00000000,?), ref: 006BCFED
                                                                                                      • Part of subcall function 006938D4: GetProcessHeap.KERNEL32(?,000001C7,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938E5
                                                                                                      • Part of subcall function 006938D4: RtlAllocateHeap.NTDLL(00000000,?,00692284,000001C7,00000001,80004005,8007139F,?,?,006D015F,8007139F,?,00000000,00000000,8007139F), ref: 006938EC
                                                                                                    Strings
                                                                                                    • Failed to allocate memory for message data, xrefs: 006BCFB5
                                                                                                    • NetFxChainer.cpp, xrefs: 006BCFAB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$AllocateMutexObjectProcessReleaseSingleWait
                                                                                                    • String ID: Failed to allocate memory for message data$NetFxChainer.cpp
                                                                                                    • API String ID: 2993511968-1624333943
                                                                                                    • Opcode ID: 97ffbe7a07769b763de420291e2bb23d4846f5e073d19eb1d3a8065c52ab0c08
                                                                                                    • Instruction ID: 4fdfc7a6a4c4d3a600247e08e943fddfb181a59c5bf21b6724c3b8ba95d5f18c
                                                                                                    • Opcode Fuzzy Hash: 97ffbe7a07769b763de420291e2bb23d4846f5e073d19eb1d3a8065c52ab0c08
                                                                                                    • Instruction Fuzzy Hash: F111C4B1300216EFDB04DF28DC55EAABBAAFF09320F104169F9148B761C731AC10CBA4
                                                                                                    APIs
                                                                                                    • FormatMessageW.KERNEL32(000011FF,00695386,?,00000000,00000000,00000000,?,80070656,?,?,?,006AE50B,00000000,00695386,00000000,80070656), ref: 00691FAA
                                                                                                    • GetLastError.KERNEL32(?,?,?,006AE50B,00000000,00695386,00000000,80070656,?,?,006A3F6B,00695386,?,80070656,00000001,crypt32.dll), ref: 00691FB7
                                                                                                    • LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,?,006AE50B,00000000,00695386,00000000,80070656,?,?,006A3F6B,00695386), ref: 00691FFE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                    • String ID: strutil.cpp
                                                                                                    • API String ID: 1365068426-3612885251
                                                                                                    • Opcode ID: b66f4702f1b876a9f3e9090af089d21c15e0e4bdd48749d673c8a772f827d374
                                                                                                    • Instruction ID: fb6c93b76052f6fd0e741901211a589dce42d4f2ae0755a829926faf16774de7
                                                                                                    • Opcode Fuzzy Hash: b66f4702f1b876a9f3e9090af089d21c15e0e4bdd48749d673c8a772f827d374
                                                                                                    • Instruction Fuzzy Hash: ED115EB6D01229FBEF159F94CC09AEE7AAAEB08350F11416ABD11E6650E7714E10D7E0
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • Failed to allocate new BootstrapperEngineForApplication object., xrefs: 006AFC8E
                                                                                                    • Failed to QI for IBootstrapperEngine from BootstrapperEngineForApplication object., xrefs: 006AFCB0
                                                                                                    • EngineForApplication.cpp, xrefs: 006AFC84
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: EngineForApplication.cpp$Failed to QI for IBootstrapperEngine from BootstrapperEngineForApplication object.$Failed to allocate new BootstrapperEngineForApplication object.
                                                                                                    • API String ID: 0-1509993410
                                                                                                    • Opcode ID: 040dd4ee62318c2f0308eb6096cdfb52026a3a5d9859e0bc2aef8c205fa82254
                                                                                                    • Instruction ID: 1a018b04c1dbda5a64fe1e955399289043d552b11e7845dfb02b6a36846822cc
                                                                                                    • Opcode Fuzzy Hash: 040dd4ee62318c2f0308eb6096cdfb52026a3a5d9859e0bc2aef8c205fa82254
                                                                                                    • Instruction Fuzzy Hash: 13F049322407267B971237A7DC02E9F775BCF42770B11002EFC05AA390EF619D01897A
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(006DB4F0,40000000,00000001,00000000,00000002,00000080,00000000,006A0328,00000000,?,0069F37F,?,00000080,006DB4F0,00000000), ref: 006D4C7F
                                                                                                    • GetLastError.KERNEL32(?,0069F37F,?,00000080,006DB4F0,00000000,?,006A0328,?,00000094,?,?,?,?,?,00000000), ref: 006D4C8C
                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,?,0069F37F,?,0069F37F,?,00000080,006DB4F0,00000000,?,006A0328,?,00000094), ref: 006D4CE0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateErrorFileHandleLast
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 2528220319-2967768451
                                                                                                    • Opcode ID: f854e16bb7b6b16bcb6c370d0d9740d5182915dc25aafe0bf2d3ebbcb04a744e
                                                                                                    • Instruction ID: 2c6f70205663edc8fce5d6b6506f0ab0f06d1ce33bdb629f1eeec5f50beea0d2
                                                                                                    • Opcode Fuzzy Hash: f854e16bb7b6b16bcb6c370d0d9740d5182915dc25aafe0bf2d3ebbcb04a744e
                                                                                                    • Instruction Fuzzy Hash: 7B01AC32F5222467D7315E699C45F9B3A96DB81770F124216FE24E72E0CB318C1197A4
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(00000000,00000080,00000001,00000000,00000003,00000080,00000000,000002C0,00000000,?,006B8A30,00000000,00000088,000002C0,BundleCachePath,00000000), ref: 006D4874
                                                                                                    • GetLastError.KERNEL32(?,006B8A30,00000000,00000088,000002C0,BundleCachePath,00000000,000002C0,BundleVersion,000000B8,000002C0,EngineVersion,000002C0,000000B0), ref: 006D4881
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateErrorFileLast
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 1214770103-2967768451
                                                                                                    • Opcode ID: 0c2561e63a2a22f4c592e6ec7b9adbfdef71b81308f2d9a672be2167e6a5f1c7
                                                                                                    • Instruction ID: 4b5e5f4c3efb3025dab9410bd304f2223f0178f9230698be6e5436a1cb535f3b
                                                                                                    • Opcode Fuzzy Hash: 0c2561e63a2a22f4c592e6ec7b9adbfdef71b81308f2d9a672be2167e6a5f1c7
                                                                                                    • Instruction Fuzzy Hash: 6F01AE32F41220B7F76126A5AC05F7B269ADB44BA1F114227FE15FB6D0CA758D0152F4
                                                                                                    APIs
                                                                                                    • ControlService.ADVAPI32(006B68BA,00000001,?,00000001,00000000,?,?,?,?,?,?,006B68BA,00000000), ref: 006B69D0
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,006B68BA,00000000), ref: 006B69DA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ControlErrorLastService
                                                                                                    • String ID: Failed to stop wusa service.$msuengine.cpp
                                                                                                    • API String ID: 4114567744-2259829683
                                                                                                    • Opcode ID: 83988d3068bf339b5e7d0de0734189490da80a568e7129f75bdc98a58a35488b
                                                                                                    • Instruction ID: 49bb77b957ce821b0eda408879b2c432ecc0b101b313640b21a8a5ce8a00b698
                                                                                                    • Opcode Fuzzy Hash: 83988d3068bf339b5e7d0de0734189490da80a568e7129f75bdc98a58a35488b
                                                                                                    • Instruction Fuzzy Hash: 6001D072B41324A7E7109BB59C05BEB77D9DB48710F01412EFD04FB180DA249D4586D5
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(?,00009002,00000000,?), ref: 006AEA9A
                                                                                                    • GetLastError.KERNEL32 ref: 006AEAA4
                                                                                                    Strings
                                                                                                    • EngineForApplication.cpp, xrefs: 006AEAC8
                                                                                                    • Failed to post elevate message., xrefs: 006AEAD2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                    • String ID: EngineForApplication.cpp$Failed to post elevate message.
                                                                                                    • API String ID: 2609174426-4098423239
                                                                                                    • Opcode ID: 481d046bed4d17363acc1cb498d01e162766deae145982cd418840c9ad148198
                                                                                                    • Instruction ID: a9631876228e27caa06cc40d7b8d9bc85e014b095fdc1a5b3aac3ed393f9f587
                                                                                                    • Opcode Fuzzy Hash: 481d046bed4d17363acc1cb498d01e162766deae145982cd418840c9ad148198
                                                                                                    • Instruction Fuzzy Hash: 19F09C367413309BD72066999C45B9777C6EF05760F12422ABE15EA291D7168C0186D5
                                                                                                    APIs
                                                                                                    • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 0069D7F6
                                                                                                    • FreeLibrary.KERNEL32(?,?,006947D1,00000000,?,?,00695386,?,?), ref: 0069D805
                                                                                                    • GetLastError.KERNEL32(?,006947D1,00000000,?,?,00695386,?,?), ref: 0069D80F
                                                                                                    Strings
                                                                                                    • BootstrapperApplicationDestroy, xrefs: 0069D7EE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressErrorFreeLastLibraryProc
                                                                                                    • String ID: BootstrapperApplicationDestroy
                                                                                                    • API String ID: 1144718084-3186005537
                                                                                                    • Opcode ID: 69d64d5dc2ada750db6716fd915293badc173b655a36a2a638c9e35161e61799
                                                                                                    • Instruction ID: d6a7e524974743b8074ff0f7dd161a963e772193b9b1f632172f50c3520da5fc
                                                                                                    • Opcode Fuzzy Hash: 69d64d5dc2ada750db6716fd915293badc173b655a36a2a638c9e35161e61799
                                                                                                    • Instruction Fuzzy Hash: 4AF06236600700DFDB205FA6DC04AA7B7EAFF80362B01C53EE566C6A20D735E800CB60
                                                                                                    APIs
                                                                                                    • CLSIDFromProgID.OLE32(Microsoft.Update.AutoUpdate,^Si,?,00000000,0069535E,?,?,?), ref: 006D3C7F
                                                                                                    • CoCreateInstance.OLE32(00000000,00000000,00000001,006F6F3C,?), ref: 006D3C97
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateFromInstanceProg
                                                                                                    • String ID: Microsoft.Update.AutoUpdate$^Si
                                                                                                    • API String ID: 2151042543-1681103030
                                                                                                    • Opcode ID: d97aa90bc67e3dc4868f19661ee3a5d4be45276a1f3b355a629a0cd5fbe812eb
                                                                                                    • Instruction ID: 33470508eb71829b41b1cf95efc377db52f26cb904a0fc374a19851787e109cd
                                                                                                    • Opcode Fuzzy Hash: d97aa90bc67e3dc4868f19661ee3a5d4be45276a1f3b355a629a0cd5fbe812eb
                                                                                                    • Instruction Fuzzy Hash: 5FF03071A1121CBBDB10DFA8DD06DFBB7BADB08710F42106AFA01E7150DA70AA0486A2
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(?,00009001,00000000,?), ref: 006AF09B
                                                                                                    • GetLastError.KERNEL32 ref: 006AF0A5
                                                                                                    Strings
                                                                                                    • Failed to post plan message., xrefs: 006AF0D3
                                                                                                    • EngineForApplication.cpp, xrefs: 006AF0C9
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                    • String ID: EngineForApplication.cpp$Failed to post plan message.
                                                                                                    • API String ID: 2609174426-2952114608
                                                                                                    • Opcode ID: 2be62a08b21dbb535a0ffe5ea0e7e792904adc72a0fb3525ba7391befb95710b
                                                                                                    • Instruction ID: 5756befb03ce996839ecfe22a2e1565f7148d5f46350e47a579c3eba1698b4df
                                                                                                    • Opcode Fuzzy Hash: 2be62a08b21dbb535a0ffe5ea0e7e792904adc72a0fb3525ba7391befb95710b
                                                                                                    • Instruction Fuzzy Hash: 5AF0EC32B41330BBE76126EA9C05F877BCADF05BA0F034026FD0CEA191D6158C0085E5
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(?,00009005,?,00000000), ref: 006AF1A9
                                                                                                    • GetLastError.KERNEL32 ref: 006AF1B3
                                                                                                    Strings
                                                                                                    • Failed to post shutdown message., xrefs: 006AF1E1
                                                                                                    • EngineForApplication.cpp, xrefs: 006AF1D7
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                    • String ID: EngineForApplication.cpp$Failed to post shutdown message.
                                                                                                    • API String ID: 2609174426-188808143
                                                                                                    APIs
                                                                                                    • SetEvent.KERNEL32(006DB468,00000000,?,006B145A,?,00000000,?,0069C121,?,006952FD,?,006A73B2,?,?,006952FD,?), ref: 006B0524
                                                                                                    • GetLastError.KERNEL32(?,006B145A,?,00000000,?,0069C121,?,006952FD,?,006A73B2,?,?,006952FD,?,0069533D,00000001), ref: 006B052E
                                                                                                    Strings
                                                                                                    • cabextract.cpp, xrefs: 006B0552
                                                                                                    • Failed to set begin operation event., xrefs: 006B055C
                                                                                                    Similarity
                                                                                                    • API ID: ErrorEventLast
                                                                                                    • String ID: Failed to set begin operation event.$cabextract.cpp
                                                                                                    • API String ID: 3848097054-4159625223
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(?,00009003,00000000,?), ref: 006AE98D
                                                                                                    • GetLastError.KERNEL32 ref: 006AE997
                                                                                                    Strings
                                                                                                    • EngineForApplication.cpp, xrefs: 006AE9BB
                                                                                                    • Failed to post apply message., xrefs: 006AE9C5
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                    • String ID: EngineForApplication.cpp$Failed to post apply message.
                                                                                                    • API String ID: 2609174426-1304321051
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(?,00009000,00000000,?), ref: 006AEA1E
                                                                                                    • GetLastError.KERNEL32 ref: 006AEA28
                                                                                                    Strings
                                                                                                    • Failed to post detect message., xrefs: 006AEA56
                                                                                                    • EngineForApplication.cpp, xrefs: 006AEA4C
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                    • String ID: EngineForApplication.cpp$Failed to post detect message.
                                                                                                    • API String ID: 2609174426-598219917
                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,?,006C234D,00000000,00000000,006C3382,?,006C3382,?,00000001,006C234D,?,00000001,006C3382,006C3382), ref: 006C90F7
                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006C9180
                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 006C9192
                                                                                                    • __freea.LIBCMT ref: 006C919B
                                                                                                      • Part of subcall function 006C5154: HeapAlloc.KERNEL32(00000000,?,?,?,006C1E90,?,0000015D,?,?,?,?,006C32E9,000000FF,00000000,?,?), ref: 006C5186
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$AllocHeapStringType__freea
                                                                                                    • String ID:
                                                                                                    • API String ID: 573072132-0
                                                                                                    APIs
                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000000,?,0069545F,?,?,?,?,?,?), ref: 00694EF6
                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,00000000,?,0069545F,?,?,?,?,?,?), ref: 00694F0A
                                                                                                    • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0069545F,?,?), ref: 00694FF9
                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0069545F,?,?), ref: 00695000
                                                                                                      • Part of subcall function 00691160: LocalFree.KERNEL32(?,?,00694EB3,?,00000000,?,0069545F,?,?,?,?,?,?), ref: 0069116A
                                                                                                    Similarity
                                                                                                    • API ID: CriticalDeleteFreeSection$CloseHandleLocal
                                                                                                    • String ID:
                                                                                                    • API String ID: 3671900028-0
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast
                                                                                                    • String ID: Hho$dlutil.cpp
                                                                                                    • API String ID: 1452528299-60508681
                                                                                                    APIs
                                                                                                    • SysAllocString.OLEAUT32(?), ref: 006D312C
                                                                                                    • VariantInit.OLEAUT32(?), ref: 006D3138
                                                                                                    • VariantClear.OLEAUT32(?), ref: 006D31AC
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D31B7
                                                                                                      • Part of subcall function 006D336E: SysAllocString.OLEAUT32(?), ref: 006D3383
                                                                                                    Similarity
                                                                                                    • API ID: String$AllocVariant$ClearFreeInit
                                                                                                    • String ID:
                                                                                                    • API String ID: 347726874-0
                                                                                                    APIs
                                                                                                      • Part of subcall function 0069F7F7: RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,00694B9F,?,?,00000001), ref: 0069F847
                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,?,00000001,00000000,?,?,?), ref: 00694C06
                                                                                                      • Part of subcall function 006D082D: CreateProcessW.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,00000000), ref: 006D089A
                                                                                                      • Part of subcall function 006D082D: GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 006D08A4
                                                                                                      • Part of subcall function 006D082D: CloseHandle.KERNEL32(?,?,?,?,?,00000000,00000000,00000000), ref: 006D08ED
                                                                                                      • Part of subcall function 006D082D: CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 006D08FA
                                                                                                    Strings
                                                                                                    • Failed to re-launch bundle process after RunOnce: %ls, xrefs: 00694BF0
                                                                                                    • Failed to get current process path., xrefs: 00694BC4
                                                                                                    • Unable to get resume command line from the registry, xrefs: 00694BA5
                                                                                                    Similarity
                                                                                                    • API ID: Close$Handle$CreateErrorLastProcess
                                                                                                    • String ID: Failed to get current process path.$Failed to re-launch bundle process after RunOnce: %ls$Unable to get resume command line from the registry
                                                                                                    • API String ID: 1572399834-642631345
                                                                                                    APIs
                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,006C88D5,00000000,00000000,?,006C86D8,006C88D5,00000000,00000000,00000000,?,006C88D5,00000006,FlsSetValue), ref: 006C8763
                                                                                                    • GetLastError.KERNEL32(?,006C86D8,006C88D5,00000000,00000000,00000000,?,006C88D5,00000006,FlsSetValue,006F2208,006F2210,00000000,00000364,?,006C6130), ref: 006C876F
                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,006C86D8,006C88D5,00000000,00000000,00000000,?,006C88D5,00000006,FlsSetValue,006F2208,006F2210,00000000), ref: 006C877D
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 3177248105-0
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,00000000,006C19F5,00000000,80004004,?,006C1CF9,00000000,80004004,00000000,00000000), ref: 006C6062
                                                                                                    • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 006C60CA
                                                                                                    • SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 006C60D6
                                                                                                    • _abort.LIBCMT ref: 006C60DC
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$_abort
                                                                                                    • String ID:
                                                                                                    • API String ID: 88804580-0
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00697318
                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 0069737F
                                                                                                    Strings
                                                                                                    • Failed to get value as numeric for variable: %ls, xrefs: 0069736E
                                                                                                    • Failed to get value of variable: %ls, xrefs: 00697352
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: Failed to get value as numeric for variable: %ls$Failed to get value of variable: %ls
                                                                                                    • API String ID: 3168844106-4270472870
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0069748D
                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 006974F4
                                                                                                    Strings
                                                                                                    • Failed to get value as version for variable: %ls, xrefs: 006974E3
                                                                                                    • Failed to get value of variable: %ls, xrefs: 006974C7
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: Failed to get value as version for variable: %ls$Failed to get value of variable: %ls
                                                                                                    • API String ID: 3168844106-1851729331
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(00000000,00000000,00000006,?,00699752,00000000,?,00000000,00000000,00000000,?,00699590,00000000,?,00000000,00000000), ref: 0069741C
                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000,?,00699752,00000000,?,00000000,00000000,00000000,?,00699590,00000000,?,00000000), ref: 00697472
                                                                                                    Strings
                                                                                                    • Failed to copy value of variable: %ls, xrefs: 00697461
                                                                                                    • Failed to get value of variable: %ls, xrefs: 00697442
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls
                                                                                                    • API String ID: 3168844106-2936390398
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,?,Qdm,006D5C11,feclient.dll,006DB4C0,006DB508,006DB4F0,HEAD,00000000,006DB4D8,Qdm,00000000,?,?,00000000), ref: 006D88E8
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast
                                                                                                    • String ID: Qdm$feclient.dll$inetutil.cpp
                                                                                                    • API String ID: 1452528299-1378665842
                                                                                                    APIs
                                                                                                    • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 006C1246
                                                                                                    • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 006C124B
                                                                                                    • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 006C1250
                                                                                                      • Part of subcall function 006C1548: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 006C1559
                                                                                                    • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 006C1265
                                                                                                    Similarity
                                                                                                    • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                                    • String ID:
                                                                                                    • API String ID: 1761009282-0
                                                                                                    APIs
                                                                                                    • SystemTimeToFileTime.KERNEL32(?,00000000,00000000,006DB4C0,00000000,006DB4C0,00000000,00000000,00000000), ref: 006D86D8
                                                                                                    • GetLastError.KERNEL32 ref: 006D86E2
                                                                                                    Similarity
                                                                                                    • API ID: Time$ErrorFileLastSystem
                                                                                                    • String ID: timeutil.cpp
                                                                                                    • API String ID: 2781989572-3204814302
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                    • RegCloseKey.ADVAPI32(00000000,80000002,SYSTEM\CurrentControlSet\Control\Session Manager,00000003,?,00000000,00000000,00000101), ref: 006D47C2
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen
                                                                                                    • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                                                    • API String ID: 47109696-3023217399
                                                                                                    • Opcode ID: 1e5d1ecc67eb094815a1e8e0a37d3135b477b9cdee0227b243ea7be7ca2a44a2
                                                                                                    • Instruction ID: 02d81d4ded286fdfc7a0869dbd78aaab8ca642e49a3dde0cad64ed71a2424993
                                                                                                    • Opcode Fuzzy Hash: 1e5d1ecc67eb094815a1e8e0a37d3135b477b9cdee0227b243ea7be7ca2a44a2
                                                                                                    • Instruction Fuzzy Hash: 79416D75E00219EBCB20DF95C9819AEBBBBEF46B10F2140ABE505AB311DF719E51CB50
                                                                                                    APIs
                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 006D0CA0
                                                                                                      • Part of subcall function 006D0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen
                                                                                                    • String ID: regutil.cpp
                                                                                                    • API String ID: 47109696-955085611
                                                                                                    • Opcode ID: d08e35a10c8b92ee7b433653764408bd219137f4ac3f2fb99a4977279a15abf5
                                                                                                    • Instruction ID: ae52b311838daa2bf6e04357d7db9352c4eb726f8ecc5eaecb777236efaf07fa
                                                                                                    • Opcode Fuzzy Hash: d08e35a10c8b92ee7b433653764408bd219137f4ac3f2fb99a4977279a15abf5
                                                                                                    • Instruction Fuzzy Hash: DE41C132E11229FBFF215AA5DD04BAE7AA7AB04315F11826BFD05AB360D3358E00D794
                                                                                                    APIs
                                                                                                    • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 006D0FE4
                                                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 006D101F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue
                                                                                                    • String ID: regutil.cpp
                                                                                                    • API String ID: 3660427363-955085611
                                                                                                    • Opcode ID: b037c659eb8845ef9b809c37cd833165d4527967135c59efa62224cce223aa71
                                                                                                    • Instruction ID: 64894848de9305073ea3d8d38913829ca29f45f0e8796a649ebc3bffcb221838
                                                                                                    • Opcode Fuzzy Hash: b037c659eb8845ef9b809c37cd833165d4527967135c59efa62224cce223aa71
                                                                                                    • Instruction Fuzzy Hash: B6417031D0012ABBDF20AE94C841EAEB7BAEF45710F20416AF915EB350DB718E51DB90
                                                                                                    APIs
                                                                                                    • WideCharToMultiByte.KERNEL32(006DB508,00000000,00000006,00000001,comres.dll,?,00000000,?,00000000,?,?,00000000,00000006,?,comres.dll,?), ref: 006C66A3
                                                                                                    • GetLastError.KERNEL32 ref: 006C66BF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharErrorLastMultiWide
                                                                                                    • String ID: comres.dll
                                                                                                    • API String ID: 203985260-246242247
                                                                                                    • Opcode ID: 22f01822006a805abf63ebee8e0021862e181659c937edb86b06e371df87230c
                                                                                                    • Instruction ID: 0a5af064de83e36ace3ae56cf04ca5af79a49dfcb15ec3bc3b0d0f74b7bbfc72
                                                                                                    • Opcode Fuzzy Hash: 22f01822006a805abf63ebee8e0021862e181659c937edb86b06e371df87230c
                                                                                                    • Instruction Fuzzy Hash: 6231F631600215ABCB21AF56C885FFB3BAADF56750F14412DF8149B3A1DB30CD41C7AA
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D8CFB: lstrlenW.KERNEL32(00000100,?,?,006D9098,000002C0,00000100,00000100,00000100,?,?,?,006B7B40,?,?,000001BC,00000000), ref: 006D8D1B
                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,006DB4F0,wininet.dll,?), ref: 006D8F07
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,00000000,?,00000000,?,?,?,00000000,wininet.dll,?,006DB4F0,wininet.dll,?), ref: 006D8F14
                                                                                                      • Part of subcall function 006D0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                      • Part of subcall function 006D0D1C: RegEnumKeyExW.ADVAPI32(00000000,000002C0,00000410,00000002,00000000,00000000,00000000,00000000,00000410,00000002,00000100,00000000,00000000,?,?,006B8BD8), ref: 006D0D77
                                                                                                      • Part of subcall function 006D0D1C: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,00000000,00000000,?,?,006B8BD8,00000000), ref: 006D0D99
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Close$EnumInfoOpenQuerylstrlen
                                                                                                    • String ID: wininet.dll
                                                                                                    • API String ID: 2680864210-3354682871
                                                                                                    • Opcode ID: 01e6d17ffb5630a8fbfc3283fe8c0dfa82a573f7d1733341c476be2a8869b973
                                                                                                    • Instruction ID: 6c57cf73b16091c6a86c516d9afce217ccd4d3ab9edea7ea9e1a51da0e4247d5
                                                                                                    • Opcode Fuzzy Hash: 01e6d17ffb5630a8fbfc3283fe8c0dfa82a573f7d1733341c476be2a8869b973
                                                                                                    • Instruction Fuzzy Hash: 9931F876C01129BFCF21AF95C9849AEFBBBEF84350B55416AE901B7321DB314E509B90
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D8CFB: lstrlenW.KERNEL32(00000100,?,?,006D9098,000002C0,00000100,00000100,00000100,?,?,?,006B7B40,?,?,000001BC,00000000), ref: 006D8D1B
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000), ref: 006D9305
                                                                                                    • RegCloseKey.ADVAPI32(00000001,00000000,?,00000000,00000000,00000000), ref: 006D931F
                                                                                                      • Part of subcall function 006D0AD5: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,006A0491,?,00000000,00020006), ref: 006D0AFA
                                                                                                      • Part of subcall function 006D1392: RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,0069F1C2,00000000,?,00020006), ref: 006D13C5
                                                                                                      • Part of subcall function 006D1392: RegDeleteValueW.ADVAPI32(00020006,00020006,00000000,?,?,0069F1C2,00000000,?,00020006,?,00020006,00020006,00000000,?,?,?), ref: 006D13F5
                                                                                                      • Part of subcall function 006D1344: RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,0069F11A,00000005,Resume,?,?,?,00000002,00000000), ref: 006D1359
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Value$Close$CreateDeletelstrlen
                                                                                                    • String ID: %ls\%ls
                                                                                                    • API String ID: 3924016894-2125769799
                                                                                                    • Opcode ID: cdb3888df055dfc2c1d989a8b03234dad48cefa9171c73324a923753af97c2ba
                                                                                                    • Instruction ID: 8a1e6389bfa4f70d7966f0641b6c1b4d8dbf21c005a9451df98a413ee86a1fda
                                                                                                    • Opcode Fuzzy Hash: cdb3888df055dfc2c1d989a8b03234dad48cefa9171c73324a923753af97c2ba
                                                                                                    • Instruction Fuzzy Hash: F631EC72C0112EBBCF12AFD5CC818EEBBBAEF04754B15416AF905B6221D7318E50DBA0
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _memcpy_s
                                                                                                    • String ID: crypt32.dll$wininet.dll
                                                                                                    • API String ID: 2001391462-82500532
                                                                                                    • Opcode ID: 20d9f25f4ff598d2956f110480d47adb0513f97da9c1314b068fe09bcabe11f2
                                                                                                    • Instruction ID: 3f927b7e2f7a522cf2c8c836a9c1542de196bb2076bfd54da47f0d24506aa622
                                                                                                    • Opcode Fuzzy Hash: 20d9f25f4ff598d2956f110480d47adb0513f97da9c1314b068fe09bcabe11f2
                                                                                                    • Instruction Fuzzy Hash: FD115E71600219ABCF08DF19CDD59EFBF6EEF95254B14812AFC098B311E230EA108BE0
                                                                                                    APIs
                                                                                                    • RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,0069F1C2,00000000,?,00020006), ref: 006D13C5
                                                                                                    • RegDeleteValueW.ADVAPI32(00020006,00020006,00000000,?,?,0069F1C2,00000000,?,00020006,?,00020006,00020006,00000000,?,?,?), ref: 006D13F5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Value$Delete
                                                                                                    • String ID: regutil.cpp
                                                                                                    • API String ID: 1738766685-955085611
                                                                                                    • Opcode ID: 9682682252828971f401612f26b2755e7b9f4a289465ebf8af80f701390e8b0d
                                                                                                    • Instruction ID: d3bd5ec57f9692cc0d9567187e25fb4bc248b7805f8df789ce86e9515e680bb5
                                                                                                    • Opcode Fuzzy Hash: 9682682252828971f401612f26b2755e7b9f4a289465ebf8af80f701390e8b0d
                                                                                                    • Instruction Fuzzy Hash: 4811C632E40239BBEF215EA58C05BEA76EBEF05750F014226FD00EE2A0D7B1CD1196D0
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,?,000000FF,IGNOREDEPENDENCIES,00000000,?,?,006B744B,00000000,IGNOREDEPENDENCIES,00000000,?,006DB508), ref: 0069DCF6
                                                                                                    Strings
                                                                                                    • IGNOREDEPENDENCIES, xrefs: 0069DCAD
                                                                                                    • Failed to copy the property value., xrefs: 0069DD2A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CompareString
                                                                                                    • String ID: Failed to copy the property value.$IGNOREDEPENDENCIES
                                                                                                    • API String ID: 1825529933-1412343224
                                                                                                    • Opcode ID: c0aa05ef4356f70a273af8eac43bfa1859285098ce81a77c57c419378d220c80
                                                                                                    • Instruction ID: 34e936adfd7c20324fa658c2684a450662c350aaaad8292e086275d3e2748613
                                                                                                    • Opcode Fuzzy Hash: c0aa05ef4356f70a273af8eac43bfa1859285098ce81a77c57c419378d220c80
                                                                                                    • Instruction Fuzzy Hash: 66119E32604215EFDF104F54CC85BAAB7AAEF19324F264276FA189B691C7B0A854C790
                                                                                                    APIs
                                                                                                    • Sleep.KERNEL32(20000004,00000000,00000000,00000000,00000000,00000000,?,?,006A8C90,?,00000001,20000004,00000000,00000000,?,00000000), ref: 006D5527
                                                                                                    • SetNamedSecurityInfoW.ADVAPI32(00000000,?,000007D0,00000003,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,006A8C90,?), ref: 006D5542
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InfoNamedSecuritySleep
                                                                                                    • String ID: aclutil.cpp
                                                                                                    • API String ID: 2352087905-2159165307
                                                                                                    • Opcode ID: e3402d1291112fd7779416af522f86c53fa13fcd43fbb508259d6cecc2994da0
                                                                                                    • Instruction ID: d2975a913d89be9d6f6d1034f958dd11513ec1026fd354aaf822f38a71e1f052
                                                                                                    • Opcode Fuzzy Hash: e3402d1291112fd7779416af522f86c53fa13fcd43fbb508259d6cecc2994da0
                                                                                                    • Instruction Fuzzy Hash: 24018237C01628BBCF229E95DC04EDE7E6BEF44760F020116FE0566610D6318D6097E0
                                                                                                    APIs
                                                                                                    • CoInitializeEx.OLE32(00000000,00000000), ref: 006A55D9
                                                                                                    • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 006A5633
                                                                                                    Strings
                                                                                                    • Failed to initialize COM on cache thread., xrefs: 006A55E5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeUninitialize
                                                                                                    • String ID: Failed to initialize COM on cache thread.
                                                                                                    • API String ID: 3442037557-3629645316
                                                                                                    • Opcode ID: 10bd7874a68e90e65db2122e9f25a19fc8c5fa79ae337bf43a9b92a1e3872802
                                                                                                    • Instruction ID: 6bac087ff32db2a33ff1313ee1f07ddc803830aa43743f0834f4942a9c31a77c
                                                                                                    • Opcode Fuzzy Hash: 10bd7874a68e90e65db2122e9f25a19fc8c5fa79ae337bf43a9b92a1e3872802
                                                                                                    • Instruction Fuzzy Hash: DA01A172600609BFCB019FA5DC80DD6F7AEFF08354B018126F909C7221DB30AD148B94
                                                                                                    APIs
                                                                                                    • LCMapStringW.KERNEL32(0000007F,00000000,00000000,006A6EF3,00000000,006A6EF3,00000000,00000000,006A6EF3,00000000,00000000,00000000,?,00692326,00000000,00000000), ref: 006915A3
                                                                                                    • GetLastError.KERNEL32(?,00692326,00000000,00000000,006A6EF3,00000200,?,006D516B,00000000,006A6EF3,00000000,006A6EF3,00000000,00000000,00000000), ref: 006915AD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastString
                                                                                                    • String ID: strutil.cpp
                                                                                                    • API String ID: 3728238275-3612885251
                                                                                                    • Opcode ID: 0b1e0ba215544e5b07f9f872a6b8a1b164c4e2a055420c372ccfea5fc44d1064
                                                                                                    • Instruction ID: 258e2e310bfa80ca75cf28d25368ce20a396fe3b4c4c301ddd95bacfeebd1ed2
                                                                                                    • Opcode Fuzzy Hash: 0b1e0ba215544e5b07f9f872a6b8a1b164c4e2a055420c372ccfea5fc44d1064
                                                                                                    • Instruction Fuzzy Hash: D5019276A00626A79F219E968C44E577AAEEF86760B130216FE15DF650D620D81087E1
                                                                                                    APIs
                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 006D3849
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D387C
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String$AllocFree
                                                                                                    • String ID: xmlutil.cpp
                                                                                                    • API String ID: 344208780-1270936966
                                                                                                    • Opcode ID: 94314b95064c566bc80a3877102dde5c0321ecfd7dd1159028b435f639a4d90c
                                                                                                    • Instruction ID: e20f78e678d9671be2b4c467335f5f1e914dacbbb196c0d72ec6821ce364a33f
                                                                                                    • Opcode Fuzzy Hash: 94314b95064c566bc80a3877102dde5c0321ecfd7dd1159028b435f639a4d90c
                                                                                                    • Instruction Fuzzy Hash: 04018F75A40229ABDB211A549C04FBA369ADF45B60F12403BFE14AB740C674CE01A7E6
                                                                                                    APIs
                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 006D38D0
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D3903
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String$AllocFree
                                                                                                    • String ID: xmlutil.cpp
                                                                                                    • API String ID: 344208780-1270936966
                                                                                                    • Opcode ID: 743d3af69675e8b2b35fcf5d2484cf465c08a8aaf45dc1ea1c623688261c5c77
                                                                                                    • Instruction ID: b1a93fa6367bdae09e5579396fd8ca43e66852c874f59fb3f8fd97674942c4f7
                                                                                                    • Opcode Fuzzy Hash: 743d3af69675e8b2b35fcf5d2484cf465c08a8aaf45dc1ea1c623688261c5c77
                                                                                                    • Instruction Fuzzy Hash: C1018F75E40229FBDB204A949808FBB379AEF45760F16002BFD05AB340C6B48E00A7E2
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                    • RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,00020019,00000000,?,?,?,?,?,006D396A,?), ref: 006D3B3A
                                                                                                    Strings
                                                                                                    • EnableLUA, xrefs: 006D3B0C
                                                                                                    • SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, xrefs: 006D3AE4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen
                                                                                                    • String ID: EnableLUA$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
                                                                                                    • API String ID: 47109696-3551287084
                                                                                                    • Opcode ID: ae3d12b93a751f72d6e6ad09eea1ce8a62a4e567b521c8e1afb48fda0857006b
                                                                                                    • Instruction ID: fc8207eeb6aca0c301571a6ab63659f402bfc95ddde0204aa4daaf8a9be8e8fc
                                                                                                    • Opcode Fuzzy Hash: ae3d12b93a751f72d6e6ad09eea1ce8a62a4e567b521c8e1afb48fda0857006b
                                                                                                    • Instruction Fuzzy Hash: D7017C32C11238EBD710AAA5C80ABEEFBAEDB14721F21416BE900A7311D3745E50D695
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(?), ref: 0069642A
                                                                                                      • Part of subcall function 006D09BB: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00695D8F,00000000), ref: 006D09CF
                                                                                                      • Part of subcall function 006D09BB: GetProcAddress.KERNEL32(00000000), ref: 006D09D6
                                                                                                      • Part of subcall function 006D09BB: GetLastError.KERNEL32(?,?,?,00695D8F,00000000), ref: 006D09ED
                                                                                                      • Part of subcall function 00695BF0: RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 00695C77
                                                                                                    Strings
                                                                                                    • Failed to get 64-bit folder., xrefs: 0069644D
                                                                                                    • Failed to set variant value., xrefs: 00696467
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressCloseCurrentErrorHandleLastModuleProcProcess
                                                                                                    • String ID: Failed to get 64-bit folder.$Failed to set variant value.
                                                                                                    • API String ID: 3109562764-2681622189
                                                                                                    • Opcode ID: e894640ca083fcb10700e8c02de7adc08517cde730cddfbb292be35c05d5ddbc
                                                                                                    • Instruction ID: 5943ad3de9b60b8cd9c88fdf0abdae19001cd4f7ae7605927704eb4010639ab5
                                                                                                    • Opcode Fuzzy Hash: e894640ca083fcb10700e8c02de7adc08517cde730cddfbb292be35c05d5ddbc
                                                                                                    • Instruction Fuzzy Hash: 29016272D01328BBDF11E7D4CC06AEE7BAEDF00B21F11815AF800A6252D6719E40D7D4
                                                                                                    APIs
                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,006910DD,?,00000000), ref: 006933F8
                                                                                                    • GetLastError.KERNEL32(?,?,?,006910DD,?,00000000), ref: 0069340F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastModuleName
                                                                                                    • String ID: pathutil.cpp
                                                                                                    • API String ID: 2776309574-741606033
                                                                                                    • Opcode ID: c3288a7a711a30e1d482e81e598c0a113af74fe83f769f14cdf87d7d66538224
                                                                                                    • Instruction ID: 1e05875b3f1a5952e847f4e474fd61c2db15a8711854924901cba8b9c8b2e2c9
                                                                                                    • Opcode Fuzzy Hash: c3288a7a711a30e1d482e81e598c0a113af74fe83f769f14cdf87d7d66538224
                                                                                                    • Instruction Fuzzy Hash: 4AF0F633B00230ABDB22666A5C48E97BADFDB95BA0B134126FD05EBB10C721CD0182F0
                                                                                                    APIs
                                                                                                      • Part of subcall function 006D0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,006D5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 006D0E52
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,00000001,00000000,?,?,006BBB7C,00000101,?), ref: 006A05EF
                                                                                                    Strings
                                                                                                    • Failed to update resume mode., xrefs: 006A05D9
                                                                                                    • Failed to open registration key., xrefs: 006A05BF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen
                                                                                                    • String ID: Failed to open registration key.$Failed to update resume mode.
                                                                                                    • API String ID: 47109696-3366686031
                                                                                                    • Opcode ID: fe2bd334c914b7b7ea9a9fef2b8c9aed27fdf20a1e16b4ef326cbdd73c943bc4
                                                                                                    • Instruction ID: a4232bd3d37c0a39f4a69adc3eb00cc9ddd36044aed6a93b4a184629e17aef1b
                                                                                                    • Opcode Fuzzy Hash: fe2bd334c914b7b7ea9a9fef2b8c9aed27fdf20a1e16b4ef326cbdd73c943bc4
                                                                                                    • Instruction Fuzzy Hash: 97F06832D41228F7EB22AA95DD06BDEB76FEF02750F11015AF500B6150DB75AF10AAD4
                                                                                                    APIs
                                                                                                    • GetFileSizeEx.KERNEL32(00000000,00000000,00000000,759234C0,?,?,?,0069B919,?,?,?,00000000,00000000), ref: 006D48E3
                                                                                                    • GetLastError.KERNEL32(?,?,?,0069B919,?,?,?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 006D48ED
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastSize
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 464720113-2967768451
                                                                                                    • Opcode ID: 4636c533472702066f4e7ad9d78a8b005d1ce0e91dc2cb329e6f2cc22a0902c0
                                                                                                    • Instruction ID: 65d0dfbdce3f9c4a45abc154a119cebe0214b64fcbbfea031361c372e3b2af68
                                                                                                    • Opcode Fuzzy Hash: 4636c533472702066f4e7ad9d78a8b005d1ce0e91dc2cb329e6f2cc22a0902c0
                                                                                                    • Instruction Fuzzy Hash: 46F04FB2E01229ABAB109F99D8059ABFBEDEF04750B02421BFC05E7310D771AD10CBE4
                                                                                                    APIs
                                                                                                    • SysAllocString.OLEAUT32(?), ref: 006D30D4
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D3104
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String$AllocFree
                                                                                                    • String ID: xmlutil.cpp
                                                                                                    • API String ID: 344208780-1270936966
                                                                                                    • Opcode ID: 3b9ed783fd739208de70ceeaa3e871880c931462276ed724ca5974b8bb9a7475
                                                                                                    • Instruction ID: 0af13de9ca73439993da02b916dc36d8340fe77408555efbb5ce93e0452d264f
                                                                                                    • Opcode Fuzzy Hash: 3b9ed783fd739208de70ceeaa3e871880c931462276ed724ca5974b8bb9a7475
                                                                                                    • Instruction Fuzzy Hash: 05F0E932A01279E7CB315F449C09FAB7BA7EF41B60F16002AFD046B310C7758E209AE5
                                                                                                    APIs
                                                                                                    • SysAllocString.OLEAUT32(?), ref: 006D3383
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 006D33B3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String$AllocFree
                                                                                                    • String ID: xmlutil.cpp
                                                                                                    • API String ID: 344208780-1270936966
                                                                                                    • Opcode ID: 4979439868092ad80aa2aef51f57827de21c25e21588bfd1652d6a39a0b2fb6c
                                                                                                    • Instruction ID: 7c834bb16b630cd73f1f7c059472901f60e2becff37320c2e2e3558b4eef6f1b
                                                                                                    • Opcode Fuzzy Hash: 4979439868092ad80aa2aef51f57827de21c25e21588bfd1652d6a39a0b2fb6c
                                                                                                    • Instruction Fuzzy Hash: 6EF0B435A00578E7CB210E49DD08FAB37AAEB85760B17001BFD049B310CB74CE109BE2
                                                                                                    APIs
                                                                                                    • RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,0069F11A,00000005,Resume,?,?,?,00000002,00000000), ref: 006D1359
                                                                                                    Strings
                                                                                                    • SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 006D1347
                                                                                                    • regutil.cpp, xrefs: 006D1381
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Value
                                                                                                    • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$regutil.cpp
                                                                                                    • API String ID: 3702945584-2416625845
                                                                                                    • Opcode ID: 0128b41e2ef74b9b1acfef288fc0b76d46c7299ed08540dce2e2041412d2a5d6
                                                                                                    • Instruction ID: 8db9f3c29ff3722712a45af438765f46c634ef9a80f7cdca749d0eb6bf49f933
                                                                                                    • Opcode Fuzzy Hash: 0128b41e2ef74b9b1acfef288fc0b76d46c7299ed08540dce2e2041412d2a5d6
                                                                                                    • Instruction Fuzzy Hash: 34E06D72B442397BEB206AA68C05FA77ACDDB05BA0F024021BF08EE190D2618D00C2E4
                                                                                                    APIs
                                                                                                    • GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 006D0CF2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000002.2551812801.0000000000691000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00690000, based on PE: true
                                                                                                    • Associated: 00000004.00000002.2551735754.0000000000690000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551887541.00000000006DB000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551947399.00000000006FA000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                    • Associated: 00000004.00000002.2551998110.00000000006FE000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_2_690000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc
                                                                                                    • String ID: AdvApi32.dll$RegDeleteKeyExW
                                                                                                    • API String ID: 190572456-850864035
                                                                                                    • Opcode ID: f678a593c2e87f855704fed6d593a32799da28e909acaec12f71e8002799b160
                                                                                                    • Instruction ID: 19ed248ba4b5621cbd472a88eb13d96b9c00c05683339be24571aa97cdcd21d3
                                                                                                    • Opcode Fuzzy Hash: f678a593c2e87f855704fed6d593a32799da28e909acaec12f71e8002799b160
                                                                                                    • Instruction Fuzzy Hash: 07E08CB0B05A28DBCB049F68FC16A353A93FB14B04712712AF901D6771CFB05800CB94

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    APIs
                                                                                                      • Part of subcall function 008FD39D: EnterCriticalSection.KERNEL32(?,?,00000000,?,?,0091B2BB,?,00000000,?,0091967A,00000000,00000000,00000001,00000000,00000001,?), ref: 008FD3AC
                                                                                                      • Part of subcall function 008FD39D: InterlockedCompareExchange.KERNEL32(00000028,00000001,00000000), ref: 008FD3BB
                                                                                                      • Part of subcall function 008FD39D: LeaveCriticalSection.KERNEL32(?,?,0091B2BB,?,00000000,?,0091967A,00000000,00000000,00000001,00000000,00000001,?,?,?,?), ref: 008FD3D0
                                                                                                    • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000000,00000001,00000000), ref: 00906D9A
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00906DA3
                                                                                                    • CloseHandle.KERNEL32(008F4740,?,00000000,?,00000000,00000001,00000000), ref: 00906DC0
                                                                                                    Strings
                                                                                                    • Failed to register bundle., xrefs: 00906C00
                                                                                                    • Failed to elevate., xrefs: 00906BA5
                                                                                                    • Engine cannot start apply because it is busy with another action., xrefs: 00906A2F
                                                                                                    • Another per-machine setup is already executing., xrefs: 00906BD9
                                                                                                    • Failed to create cache thread., xrefs: 00906C80
                                                                                                    • Failed to cache engine to working directory., xrefs: 00906B7F
                                                                                                    • Failed while caching, aborting execution., xrefs: 00906CA8
                                                                                                    • UX aborted apply begin., xrefs: 00906AA6
                                                                                                    • Another per-user setup is already executing., xrefs: 00906AF1
                                                                                                    • Failed to set initial apply variables., xrefs: 00906B18
                                                                                                    • crypt32.dll, xrefs: 00906CD2
                                                                                                    • core.cpp, xrefs: 00906A9C, 00906C76
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseCriticalHandleSection$CompareEnterExchangeInterlockedLeaveMutexRelease
                                                                                                    • String ID: Another per-machine setup is already executing.$Another per-user setup is already executing.$Engine cannot start apply because it is busy with another action.$Failed to cache engine to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to register bundle.$Failed to set initial apply variables.$Failed while caching, aborting execution.$UX aborted apply begin.$core.cpp$crypt32.dll
                                                                                                    • API String ID: 322611130-4292671789
                                                                                                    • Opcode ID: d4cb809101a0aa781d1cb6d201e2690c5fe92c66b69194b9c33243125266e9a0
                                                                                                    • Instruction ID: bad20d3207fd16e15f491764199e87e4f1c4b5d877d8d87e6e1f21f74ab8fdca
                                                                                                    • Opcode Fuzzy Hash: d4cb809101a0aa781d1cb6d201e2690c5fe92c66b69194b9c33243125266e9a0
                                                                                                    • Instruction Fuzzy Hash: 1EC1C1B1A0061AAFDB199FA4CC45FEEB7ADFF44304F00422AF615E61C1DB74A9648B91
                                                                                                    APIs
                                                                                                      • Part of subcall function 008F33D7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,00000000,00000000,?,0091AD27,00000001,00000000,?,WixBundleSourceProcessPath,00000001,?), ref: 008F33F8
                                                                                                    • CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 008F10F6
                                                                                                      • Part of subcall function 008F1174: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,008F111A,cabinet.dll,00000009,?,?,00000000), ref: 008F1185
                                                                                                      • Part of subcall function 008F1174: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,008F111A,cabinet.dll,00000009,?,?,00000000), ref: 008F1190
                                                                                                      • Part of subcall function 008F1174: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 008F119E
                                                                                                      • Part of subcall function 008F1174: GetLastError.KERNEL32(?,?,?,?,008F111A,cabinet.dll,00000009,?,?,00000000), ref: 008F11B9
                                                                                                      • Part of subcall function 008F1174: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 008F11C1
                                                                                                      • Part of subcall function 008F1174: GetLastError.KERNEL32(?,?,?,?,008F111A,cabinet.dll,00000009,?,?,00000000), ref: 008F11D6
                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,0093B4C0,?,cabinet.dll,00000009,?,?,00000000), ref: 008F1131
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressErrorFileHandleLastModuleProc$CloseCreateHeapInformationName
                                                                                                    • String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
                                                                                                    • API String ID: 3687706282-3151496603
                                                                                                    • Opcode ID: 99e677d554098fb1544802da91b66b49f0f756a99edd79beff3c27ffe408b161
                                                                                                    • Instruction ID: af7130c2fab9229d4fa7df9f70d7cf07027cdebd394ca944c3c1bcafab8fc018
                                                                                                    • Opcode Fuzzy Hash: 99e677d554098fb1544802da91b66b49f0f756a99edd79beff3c27ffe408b161
                                                                                                    • Instruction Fuzzy Hash: 59214D71A0020CAADB109FB99C49BEEBBF8FB45714F504119EB10F62A1DB709948CFA5
                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNELBASE(?,?,?,?,*.*,?,?,?,00000000,.unverified,?), ref: 009099ED
                                                                                                    • lstrlenW.KERNEL32(?), ref: 00909A14
                                                                                                    • FindNextFileW.KERNELBASE(00000000,00000010), ref: 00909A74
                                                                                                    • FindClose.KERNEL32(00000000), ref: 00909A7F
                                                                                                      • Part of subcall function 008F3BC3: GetFileAttributesW.KERNELBASE(?,?,?,?,00000000,?,?), ref: 008F3C3F
                                                                                                      • Part of subcall function 008F3BC3: GetLastError.KERNEL32(?,?,?,00000000,?,?), ref: 008F3C52
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileFind$AttributesCloseErrorFirstLastNextlstrlen
                                                                                                    • String ID: *.*$.unverified
                                                                                                    • API String ID: 457978746-2528915496
                                                                                                    • Opcode ID: 516ce65241598375b763ee8c24332b5da46121c7e97ef35c0711ef9ae085923e
                                                                                                    • Instruction ID: 8d7838ca4a0c9a6f68287068e3c00c776f7bf494fc485b3568bd59f2724516ce
                                                                                                    • Opcode Fuzzy Hash: 516ce65241598375b763ee8c24332b5da46121c7e97ef35c0711ef9ae085923e
                                                                                                    • Instruction Fuzzy Hash: 17416031A0466CAEDF20AB64DC49BEAB7B8EF84715F4001E5E908E10E1EB708EC4DF54
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?,009247E8,00000000,00957CF8,0000000C,0092493F,00000000,00000002,00000000), ref: 00924833
                                                                                                    • TerminateProcess.KERNEL32(00000000,?,009247E8,00000000,00957CF8,0000000C,0092493F,00000000,00000002,00000000), ref: 0092483A
                                                                                                    • ExitProcess.KERNEL32 ref: 0092484C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                    • String ID:
                                                                                                    • API String ID: 1703294689-0
                                                                                                    • Opcode ID: aff9d228b295ec117042c82feae2ef193c117b292512d748970ad94fd27aa23c
                                                                                                    • Instruction ID: 62f3b8efdb7f5c525b078a6942dae4895fcc1c8428e93058c791b81c62c54ead
                                                                                                    • Opcode Fuzzy Hash: aff9d228b295ec117042c82feae2ef193c117b292512d748970ad94fd27aa23c
                                                                                                    • Instruction Fuzzy Hash: A0E0B631424698ABCF116F55ED09A5A3F69FB51341F050528FA158B136CB35ED42EE84
                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNELBASE(?,?,00000000,00000000,?), ref: 00934350
                                                                                                    • FindClose.KERNEL32(00000000), ref: 0093435C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                    • String ID:
                                                                                                    • API String ID: 2295610775-0
                                                                                                    • Opcode ID: d0d4186a688b69f50c42fbdbcfe62c31195c368be61d4eb8e087ecdc0e762a9c
                                                                                                    • Instruction ID: a02cc08769b1fa50547ae3f66ded763b9375a2c9703e29c530ea5f29f05cc7a0
                                                                                                    • Opcode Fuzzy Hash: d0d4186a688b69f50c42fbdbcfe62c31195c368be61d4eb8e087ecdc0e762a9c
                                                                                                    • Instruction Fuzzy Hash: F301D63260020CABDB10EFB99D89AAAB7ACEFC5311F400165E948C3240E7306D598B54

                                                                                                    Control-flow Graph

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
                                                                                                    • API String ID: 0-2956246334
                                                                                                    • Opcode ID: 43b60a029153a2f6698ecce9049bee67006ddfed1b2c713358f5f7226dae376d
                                                                                                    • Instruction ID: 88286e7834c3e4da0aeb60107b9020914e516f89178dcd9bcf171bdbce7987cd
                                                                                                    • Opcode Fuzzy Hash: 43b60a029153a2f6698ecce9049bee67006ddfed1b2c713358f5f7226dae376d
                                                                                                    • Instruction Fuzzy Hash: 18E17132E8467EBBCB21AAB0CC42EBD6A64FF44758F114275FF10F6192D7619D509A80

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EDC3F0,00000000), ref: 008FB3FF
                                                                                                    • SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 008FB44C
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EDC3F0,00000000), ref: 008FB452
                                                                                                    • ReadFile.KERNELBASE(00000000,008F435C,00000040,?,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 008FB49A
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,76EDC3F0,00000000), ref: 008FB4A0
                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 008FB4FD
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 008FB503
                                                                                                    • ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 008FB54C
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 008FB552
                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 008FB5C3
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,76EDC3F0,00000000), ref: 008FB5C9
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$File$Pointer$Read
                                                                                                    • String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$burn$section.cpp
                                                                                                    • API String ID: 2600052162-695169583
                                                                                                    • Opcode ID: 7ec9f5ff69a18a6455b6b3b1d1a5a826b81c4906a4dcf07016940f19ee82f021
                                                                                                    • Instruction ID: 7ddcf23c8fbfabde6376c7491d492b4e28ad10034ade76c167a3639a8605d629
                                                                                                    • Opcode Fuzzy Hash: 7ec9f5ff69a18a6455b6b3b1d1a5a826b81c4906a4dcf07016940f19ee82f021
                                                                                                    • Instruction Fuzzy Hash: 5512A171A40329ABEB209A79CC85FBBB6A8FF44754F014165FE09EB181DB718D40CFA5

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • SetEvent.KERNEL32(?,?,?,?,00000000,00000000,?,00910621,?,?), ref: 00910A85
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,00910621,?,?), ref: 00910A92
                                                                                                    • WaitForSingleObject.KERNEL32(?,?,?,?,?,00000000,00000000,?,00910621,?,?), ref: 00910ACE
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,00910621,?,?), ref: 00910AD8
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$EventObjectSingleWait
                                                                                                    • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
                                                                                                    • API String ID: 3600396749-2104912459
                                                                                                    • Opcode ID: c4722814c21d4dc61f411fa653e4616184867e93a5ceb4a15266725758e3cef7
                                                                                                    • Instruction ID: 6696141577615e573bf6b5d2ead0dea9832d07c33070f21a394e86f4fcba7458
                                                                                                    • Opcode Fuzzy Hash: c4722814c21d4dc61f411fa653e4616184867e93a5ceb4a15266725758e3cef7
                                                                                                    • Instruction Fuzzy Hash: D7915972B84725BBF7206A798D49FA735D8FF44754F010224FE09EB5A0D7A6CC809AD1

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • lstrlenW.KERNEL32(?,?,00000000,?,0093B4F0,?,00000000,?,008F442A,?,0093B4F0), ref: 00905304
                                                                                                    • GetCurrentProcessId.KERNEL32(?,008F442A,?,0093B4F0), ref: 0090530F
                                                                                                    • SetNamedPipeHandleState.KERNELBASE(?,000000FF,00000000,00000000,?,008F442A,?,0093B4F0), ref: 00905346
                                                                                                    • ConnectNamedPipe.KERNELBASE(?,00000000,?,008F442A,?,0093B4F0), ref: 0090535B
                                                                                                    • GetLastError.KERNEL32(?,008F442A,?,0093B4F0), ref: 00905365
                                                                                                    • Sleep.KERNELBASE(00000064,?,008F442A,?,0093B4F0), ref: 00905396
                                                                                                    • SetNamedPipeHandleState.KERNELBASE(?,00000000,00000000,00000000,?,008F442A,?,0093B4F0), ref: 009053B9
                                                                                                    • WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,008F442A,?,0093B4F0), ref: 009053D4
                                                                                                    • WriteFile.KERNEL32(?,008F442A,0093B4F0,00000000,00000000,?,008F442A,?,0093B4F0), ref: 009053EF
                                                                                                    • WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,008F442A,?,0093B4F0), ref: 0090540A
                                                                                                    • ReadFile.KERNELBASE(?,00000000,00000004,00000000,00000000,?,008F442A,?,0093B4F0), ref: 00905425
                                                                                                    • GetLastError.KERNEL32(?,008F442A,?,0093B4F0), ref: 0090547D
                                                                                                    • GetLastError.KERNEL32(?,008F442A,?,0093B4F0), ref: 009054B1
                                                                                                    • GetLastError.KERNEL32(?,008F442A,?,0093B4F0), ref: 009054E5
                                                                                                    • GetLastError.KERNEL32(?,008F442A,?,0093B4F0), ref: 0090557B
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
                                                                                                    • String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$crypt32.dll$pipe.cpp
                                                                                                    • API String ID: 2944378912-2047837012
                                                                                                    • Opcode ID: 6c6613203cfc57987b17269b1d02b63483219da9abada77a7029de62f37b1fd4
                                                                                                    • Instruction ID: ac2d4dca695feeb4ad5b47e37875823de8ef6414f818330e8447c5964a2ab085
                                                                                                    • Opcode Fuzzy Hash: 6c6613203cfc57987b17269b1d02b63483219da9abada77a7029de62f37b1fd4
                                                                                                    • Instruction Fuzzy Hash: D16194B2E50729AEE710EAB98D45FABB6EDEF04740F124125FE05E71D0D7648E008EE5

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 008F510F
                                                                                                      • Part of subcall function 009303F0: InitializeCriticalSection.KERNEL32(0095B60C,?,008F511B,00000000,?,?,?,?,?,?), ref: 00930407
                                                                                                      • Part of subcall function 008F1209: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,008F5137,00000000,?), ref: 008F1247
                                                                                                      • Part of subcall function 008F1209: GetLastError.KERNEL32(?,?,?,008F5137,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 008F1251
                                                                                                    • CoInitializeEx.OLE32(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 008F517D
                                                                                                      • Part of subcall function 00930CD1: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00930CF2
                                                                                                    • GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 008F520F
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 008F5219
                                                                                                    • CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008F549B
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
                                                                                                    • String ID: 3.10.4.4718$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$Setup$_Failed$engine.cpp$txt
                                                                                                    • API String ID: 3262001429-867073019
                                                                                                    • Opcode ID: f1894b66bd8dc513bcca8a17c45796ec194118b3ea989f9f837d64d8b9954509
                                                                                                    • Instruction ID: 3f64c79987729921720f49c13030667f4352d7b8a78c3cf03f5ebbedede1a85c
                                                                                                    • Opcode Fuzzy Hash: f1894b66bd8dc513bcca8a17c45796ec194118b3ea989f9f837d64d8b9954509
                                                                                                    • Instruction Fuzzy Hash: C2B19271D41A2DABDB32AB74CC56BFE76A8FF84715F000195FB08E6241DB709E809E91

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(000002C0,00000100,00000100,00000000,00000000,?,008F99BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 008F56A2
                                                                                                    • lstrlenW.KERNEL32(00000000,?,008F99BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0,00000100), ref: 008F56AC
                                                                                                    • _wcschr.LIBVCRUNTIME ref: 008F58B4
                                                                                                    • LeaveCriticalSection.KERNEL32(000002C0,00000000,00000000,00000000,00000000,00000000,00000001,?,008F99BB,000002C0,?,00000000,00000000,000002C0,00000100,000002C0), ref: 008F5B56
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave_wcschrlstrlen
                                                                                                    • String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp
                                                                                                    • API String ID: 1026845265-2050445661
                                                                                                    • Opcode ID: 8cea956d9900e67ae8e6841f5a8b0f979d2cd95082895a60a93611ef762ef550
                                                                                                    • Instruction ID: ebdfbb543433fac2c56242db3f15679c828841066b67cad429b072bb36e83a60
                                                                                                    • Opcode Fuzzy Hash: 8cea956d9900e67ae8e6841f5a8b0f979d2cd95082895a60a93611ef762ef550
                                                                                                    • Instruction Fuzzy Hash: BFF191B1A00A2DEBDB11AFB49841ABF7BA8FF44754F11412ABF15E7240D7749E018FA1

                                                                                                    Control-flow Graph

                                                                                                    Strings
                                                                                                    • Failed to load manifest., xrefs: 009073F5
                                                                                                    • Failed to initialize variables., xrefs: 0090737E
                                                                                                    • WixBundleElevated, xrefs: 009074B3, 009074C4
                                                                                                    • Failed to set source process path variable., xrefs: 009074F7
                                                                                                    • Failed to parse command line., xrefs: 00907474
                                                                                                    • WixBundleSourceProcessFolder, xrefs: 00907522
                                                                                                    • Failed to overwrite the %ls built-in variable., xrefs: 009074C9
                                                                                                    • Failed to extract bootstrapper application payloads., xrefs: 009075DD
                                                                                                    • WixBundleSourceProcessPath, xrefs: 009074E6
                                                                                                    • Failed to initialize internal cache functionality., xrefs: 0090758D
                                                                                                    • Failed to get source process folder from path., xrefs: 00907513
                                                                                                    • Failed to get unique temporary folder for bootstrapper application., xrefs: 009075BC
                                                                                                    • Failed to set source process folder variable., xrefs: 00907533
                                                                                                    • Failed to load catalog files., xrefs: 009075FD
                                                                                                    • Failed to open manifest stream., xrefs: 009073B8
                                                                                                    • Failed to get manifest stream from container., xrefs: 009073D9
                                                                                                    • Failed to set original source variable., xrefs: 00907558
                                                                                                    • Failed to open attached UX container., xrefs: 0090739B
                                                                                                    • WixBundleOriginalSource, xrefs: 00907547
                                                                                                    Similarity
                                                                                                    • API ID: CriticalInitializeSection
                                                                                                    • String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath
                                                                                                    • API String ID: 32694325-252221001
                                                                                                    • Opcode ID: c10ecbb246e531773607146350a86c26117ffd4daf44af79df9e6c79ed61109c
                                                                                                    • Instruction ID: 1df255323bb2eeb8f61d5a7fc25d5fc643a0d7a102a7a20e44692b65c61794d8
                                                                                                    • Opcode Fuzzy Hash: c10ecbb246e531773607146350a86c26117ffd4daf44af79df9e6c79ed61109c
                                                                                                    • Instruction Fuzzy Hash: 73917172E44A1ABECB129AE4CC55FEFF76CBF04714F004626F616E6181D731AA448BD1

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 1235 9084c4-908512 CreateFileW 1236 908514-908553 GetLastError call 8f37d3 call 93012f 1235->1236 1237 908558-908568 call 9347d3 1235->1237 1248 9086fc-90870e call 91de36 1236->1248 1243 908580-90858b call 933db5 1237->1243 1244 90856a-90857b call 93012f 1237->1244 1250 908590-908594 1243->1250 1252 9086f5-9086f6 FindCloseChangeNotification 1244->1252 1253 908596-9085aa call 93012f 1250->1253 1254 9085af-9085b4 1250->1254 1252->1248 1253->1252 1254->1252 1256 9085ba-9085c9 SetFilePointerEx 1254->1256 1259 908603-908613 call 934cee 1256->1259 1260 9085cb-9085fe GetLastError call 8f37d3 1256->1260 1266 908615-90861a 1259->1266 1267 90861f-908630 SetFilePointerEx 1259->1267 1265 9086ed-9086f4 call 93012f 1260->1265 1265->1252 1266->1265 1268 908632-908665 GetLastError call 8f37d3 1267->1268 1269 90866a-90867a call 934cee 1267->1269 1268->1265 1269->1266 1276 90867c-90868c call 934cee 1269->1276 1276->1266 1279 90868e-90869f SetFilePointerEx 1276->1279 1280 9086a1-9086d4 GetLastError call 8f37d3 1279->1280 1281 9086d6-9086e6 call 934cee 1279->1281 1280->1265 1281->1252 1286 9086e8 1281->1286 1286->1265
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,008F4CB6,?,?,00000000,008F4CB6,00000000), ref: 00908507
                                                                                                    • GetLastError.KERNEL32 ref: 00908514
                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,0093B4F0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009086F6
                                                                                                    Strings
                                                                                                    • Failed to seek to original data in exe burn section header., xrefs: 009086CF
                                                                                                    • msi.dll, xrefs: 00908608
                                                                                                    • Failed to seek to checksum in exe header., xrefs: 009085F9
                                                                                                    • Failed to seek to beginning of engine file: %ls, xrefs: 0090856D
                                                                                                    • Failed to seek to signature table in exe header., xrefs: 00908660
                                                                                                    • cabinet.dll, xrefs: 0090866F
                                                                                                    • Failed to zero out original data offset., xrefs: 009086E8
                                                                                                    • Failed to create engine file at path: %ls, xrefs: 00908545
                                                                                                    • Failed to copy engine from: %ls to: %ls, xrefs: 0090859C
                                                                                                    • Failed to update signature offset., xrefs: 00908615
                                                                                                    • cache.cpp, xrefs: 00908538, 009085EF, 00908656, 009086C5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ChangeCloseCreateErrorFileFindLastNotification
                                                                                                    • String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cabinet.dll$cache.cpp$msi.dll
                                                                                                    • API String ID: 4091947256-1976062716
                                                                                                    • Opcode ID: f042c2f664989ae646827527561febf9d3d98b25e858e22166d99fa861acc337
                                                                                                    • Instruction ID: 597da685b4ce5b091e3122f9831db2a6efd2a8b0b89ed3f2250f7759db517e1e
                                                                                                    • Opcode Fuzzy Hash: f042c2f664989ae646827527561febf9d3d98b25e858e22166d99fa861acc337
                                                                                                    • Instruction Fuzzy Hash: 5351E8B2B44625BFEB116BA88C45F7B769CEB44710F020125FE05F72C5EB659C009AE5

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 1287 8f7503-8f7dc0 InitializeCriticalSection 1288 8f7dc3-8f7de0 call 8f5530 1287->1288 1291 8f7ded-8f7dfb call 93012f 1288->1291 1292 8f7de2-8f7de9 1288->1292 1295 8f7dfe-8f7e10 call 91de36 1291->1295 1292->1288 1293 8f7deb 1292->1293 1293->1295
                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(00907378,008F52B5,00000000,008F533D), ref: 008F7523
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalInitializeSection
                                                                                                    • String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleVersion
                                                                                                    • API String ID: 32694325-826827252
                                                                                                    • Opcode ID: f2884900cac6f8b6cc325c2b4c896e9ef9ddafce1b84c2989ede5582b0681171
                                                                                                    • Instruction ID: c6f09100bae551f3b6eb8fa663e1413a696dfa339ac8d334380f8b39569a7bb2
                                                                                                    • Opcode Fuzzy Hash: f2884900cac6f8b6cc325c2b4c896e9ef9ddafce1b84c2989ede5582b0681171
                                                                                                    • Instruction Fuzzy Hash: F0320AF0D257798BDB65CF59898879DBAF8BB49B04F5081DAE24CB6211D7B00B848F84

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 1431 9080ae-9080f7 call 91f670 1434 908270-90827d call 8f21a5 1431->1434 1435 9080fd-90810b GetCurrentProcess call 93076c 1431->1435 1440 90828c-90829e call 91de36 1434->1440 1441 90827f 1434->1441 1439 908110-90811d 1435->1439 1442 908123-908132 GetWindowsDirectoryW 1439->1442 1443 9081ab-9081b9 GetTempPathW 1439->1443 1446 908284-90828b call 93012f 1441->1446 1447 908134-908167 GetLastError call 8f37d3 1442->1447 1448 90816c-90817d call 8f338f 1442->1448 1444 9081f3-908205 UuidCreate 1443->1444 1445 9081bb-9081ee GetLastError call 8f37d3 1443->1445 1453 908207-90820c 1444->1453 1454 90820e-908223 StringFromGUID2 1444->1454 1445->1446 1446->1440 1447->1446 1463 908189-90819f call 8f36b4 1448->1463 1464 90817f-908184 1448->1464 1453->1446 1460 908241-908262 call 8f1f20 1454->1460 1461 908225-90823f call 8f37d3 1454->1461 1470 908264-908269 1460->1470 1471 90826b 1460->1471 1461->1446 1463->1444 1473 9081a1-9081a6 1463->1473 1464->1446 1470->1446 1471->1434 1473->1446
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,?,?), ref: 00908104
                                                                                                      • Part of subcall function 0093076C: OpenProcessToken.ADVAPI32(?,00000008,?,?,?,?,?,?,?,00908110,00000000), ref: 0093078A
                                                                                                      • Part of subcall function 0093076C: GetLastError.KERNEL32(?,?,?,?,00908110,00000000), ref: 00930794
                                                                                                      • Part of subcall function 0093076C: FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,00908110,00000000), ref: 0093081D
                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 0090812A
                                                                                                    • GetLastError.KERNEL32 ref: 00908134
                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000000), ref: 009081B1
                                                                                                    • GetLastError.KERNEL32 ref: 009081BB
                                                                                                    Strings
                                                                                                    • Failed to append bundle id on to temp path for working folder., xrefs: 00908264
                                                                                                    • %ls%ls\, xrefs: 0090824C
                                                                                                    • Failed to ensure windows path for working folder ended in backslash., xrefs: 0090817F
                                                                                                    • Failed to copy working folder path., xrefs: 0090827F
                                                                                                    • Failed to get temp path for working folder., xrefs: 009081E9
                                                                                                    • Failed to convert working folder guid into string., xrefs: 0090823A
                                                                                                    • Temp\, xrefs: 00908189
                                                                                                    • Failed to concat Temp directory on windows path for working folder., xrefs: 009081A1
                                                                                                    • Failed to get windows path for working folder., xrefs: 00908162
                                                                                                    • Failed to create working folder guid., xrefs: 00908207
                                                                                                    • cache.cpp, xrefs: 00908158, 009081DF, 00908230
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$Process$ChangeCloseCurrentDirectoryFindNotificationOpenPathTempTokenWindows
                                                                                                    • String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp
                                                                                                    • API String ID: 58964441-819636856
                                                                                                    • Opcode ID: cad65a888c21f823edc3d2f45b511f594293dbff4fec884031c6dc67396b43bb
                                                                                                    • Instruction ID: de3b5be70d8fc872da1a90ef262f15f37867f0a96eef6cc3cc4e4f85ff0e4a9e
                                                                                                    • Opcode Fuzzy Hash: cad65a888c21f823edc3d2f45b511f594293dbff4fec884031c6dc67396b43bb
                                                                                                    • Instruction Fuzzy Hash: DA412AB2B45728BFDB60A6B8CC49FA773ACEB40751F000161FE45E7180EA749D458AE6

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 1474 919bb3-919bdd 1475 919be0-919be6 1474->1475 1476 919bec 1475->1476 1477 919e1e-919e23 1475->1477 1476->1477 1479 919c31-919c4d call 91a29b 1476->1479 1480 919bf3-919bf6 1476->1480 1481 919cf3-919cf6 call 91a1f1 1476->1481 1482 919d12-919d1a 1476->1482 1483 919ca4-919cc7 call 91a7b9 1476->1483 1484 919cd4-919ce3 call 91aa9d 1476->1484 1485 919d54 1476->1485 1486 919bfb-919c20 WaitForMultipleObjects 1476->1486 1487 919c5a-919c6a call 91a4a0 1476->1487 1488 919c7f-919c9b call 91a5fb 1476->1488 1489 919d4f-919d52 1476->1489 1478 919e28-919e29 1477->1478 1498 919e2c-919e35 call 93012f 1478->1498 1503 919c29-919c2c 1479->1503 1522 919c4f 1479->1522 1495 919d57-919d5a 1480->1495 1508 919cfb-919d02 1481->1508 1499 919d1c-919d2c call 90dc2f 1482->1499 1500 919d3e-919d43 1482->1500 1506 919d5c-919d64 1483->1506 1515 919ccd-919cd2 1483->1515 1484->1503 1518 919ce9-919cee 1484->1518 1485->1495 1491 919d83-919d86 1486->1491 1492 919c26 1486->1492 1509 919c6f-919c76 1487->1509 1488->1503 1527 919c9d-919ca2 1488->1527 1489->1495 1513 919dc3-919dd0 GetExitCodeThread 1491->1513 1514 919d88-919db9 GetLastError call 8f37d3 1491->1514 1492->1503 1495->1506 1531 919e36-919e3e 1498->1531 1532 919d3b 1499->1532 1533 919d2e-919d3a call 93012f 1499->1533 1505 919d45-919d4a 1500->1505 1500->1506 1503->1506 1523 919c54-919c55 1505->1523 1524 919d66 1506->1524 1525 919d68-919d6c 1506->1525 1508->1503 1519 919d08-919d0d 1508->1519 1509->1503 1526 919c78-919c7d 1509->1526 1516 919dd2-919e08 GetLastError call 8f37d3 1513->1516 1517 919e0a-919e1c 1513->1517 1535 919dbe-919dc1 1514->1535 1515->1523 1516->1535 1517->1478 1518->1523 1519->1523 1522->1523 1523->1498 1524->1525 1525->1531 1534 919d72-919d75 1525->1534 1526->1523 1527->1523 1532->1500 1533->1532 1534->1531 1538 919d7b-919d7e 1534->1538 1535->1498 1538->1475
                                                                                                    APIs
                                                                                                    • WaitForMultipleObjects.KERNEL32(00000001,?,00000000,000000FF,00000001,00000000,00000000,?,0091BA53,00000001), ref: 00919C18
                                                                                                    • GetLastError.KERNEL32(?,0091BA53,00000001), ref: 00919D88
                                                                                                    • GetExitCodeThread.KERNEL32(00000001,00000000,?,0091BA53,00000001), ref: 00919DC8
                                                                                                    • GetLastError.KERNEL32(?,0091BA53,00000001), ref: 00919DD2
                                                                                                    Strings
                                                                                                    • Cache thread exited unexpectedly., xrefs: 00919E14
                                                                                                    • Failed to execute EXE package., xrefs: 00919C4F
                                                                                                    • Failed to execute MSU package., xrefs: 00919CCD
                                                                                                    • Failed to execute package provider registration action., xrefs: 00919CE9
                                                                                                    • Failed to load compatible package on per-machine package., xrefs: 00919D2E
                                                                                                    • Invalid execute action., xrefs: 00919E23
                                                                                                    • Failed to wait for cache check-point., xrefs: 00919DB9
                                                                                                    • Failed to execute compatible package action., xrefs: 00919D45
                                                                                                    • Failed to execute dependency action., xrefs: 00919D08
                                                                                                    • Failed to execute MSI package., xrefs: 00919C78
                                                                                                    • apply.cpp, xrefs: 00919DAC, 00919DF6
                                                                                                    • Failed to execute MSP package., xrefs: 00919C9D
                                                                                                    • Failed to get cache thread exit code., xrefs: 00919E03
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
                                                                                                    • String ID: Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$apply.cpp
                                                                                                    • API String ID: 3703294532-2662572847
                                                                                                    • Opcode ID: dd8eaf83535a323c8f2399ded7558ac6ef78206f5c25ecaf213ed12f27b556dd
                                                                                                    • Instruction ID: 803e6c65bdabad1859a33877b0c19923e0e43e36d2eeaa255b0ca1881a305338
                                                                                                    • Opcode Fuzzy Hash: dd8eaf83535a323c8f2399ded7558ac6ef78206f5c25ecaf213ed12f27b556dd
                                                                                                    • Instruction Fuzzy Hash: 8C716C71B05229EFEB14DF64C951EFEB7F8EB88B14F104569F805EB290D274AE409B90
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: lstrlen
                                                                                                    • String ID: Failed to convert version: %ls to DWORD64 for ProductCode: %ls$Failed to copy the installed ProductCode to the package.$Failed to enum related products.$Failed to get product information for ProductCode: %ls$Failed to get version for product in machine context: %ls$Failed to get version for product in user unmanaged context: %ls$Failed to query feature state.$Invalid state value.$Language$UX aborted detect compatible MSI package.$UX aborted detect related MSI package.$UX aborted detect.$VersionString$msasn1.dll$msiengine.cpp
                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,008F515E,?,?,00000000,?,?), ref: 008F41FE
                                                                                                    • InitializeCriticalSection.KERNEL32(000000D0,?,?,008F515E,?,?,00000000,?,?), ref: 008F4207
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,008F515E,?,?,00000000,?,?), ref: 008F424D
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,008F515E,?,?,00000000,?,?), ref: 008F4257
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,008F515E,?,?,00000000,?,?), ref: 008F426B
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.attached,?,?,008F515E,?,?,00000000,?,?), ref: 008F427B
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,?,?,008F515E,?,?,00000000,?,?), ref: 008F42CB
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,008F515E,?,?,00000000,?,?), ref: 008F42D5
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,008F515E,?,?,00000000,?,?), ref: 008F42E9
                                                                                                    • lstrlenW.KERNEL32(burn.filehandle.self,?,?,008F515E,?,?,00000000,?,?), ref: 008F42F9
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: lstrlen$CompareCriticalInitializeSectionString
                                                                                                    • String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$engine.cpp
                                                                                                    APIs
                                                                                                    • TlsSetValue.KERNEL32(?,?), ref: 0090E5AE
                                                                                                    • RegisterClassW.USER32(?), ref: 0090E5DA
                                                                                                    • GetLastError.KERNEL32 ref: 0090E5E5
                                                                                                    • CreateWindowExW.USER32(00000080,00949CC4,00000000,90000000,80000000,00000008,00000000,00000000,00000000,00000000,?,?), ref: 0090E64C
                                                                                                    • GetLastError.KERNEL32 ref: 0090E656
                                                                                                    • UnregisterClassW.USER32(WixBurnMessageWindow,?), ref: 0090E6F4
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
                                                                                                    • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
                                                                                                    APIs
                                                                                                      • Part of subcall function 008F37EA: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 008F3829
                                                                                                      • Part of subcall function 008F37EA: GetLastError.KERNEL32 ref: 008F3833
                                                                                                      • Part of subcall function 00934932: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 0093495A
                                                                                                    • GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 009329FD
                                                                                                    • GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 00932A20
                                                                                                    • GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 00932A43
                                                                                                    • GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 00932A66
                                                                                                    • GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 00932A89
                                                                                                    • GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 00932AAC
                                                                                                    • GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 00932ACF
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$ErrorLast$DirectorySystem
                                                                                                    • String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(0091AB22,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,?,?,0091AB22), ref: 008FC170
                                                                                                    • GetLastError.KERNEL32(?,0091AB22), ref: 008FC181
                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00000000,?,?,0091AB22), ref: 008FC1D0
                                                                                                    • GetCurrentProcess.KERNEL32(000000FF,00000000,?,0091AB22), ref: 008FC1D6
                                                                                                    • DuplicateHandle.KERNELBASE(00000000,?,0091AB22), ref: 008FC1D9
                                                                                                    • GetLastError.KERNEL32(?,0091AB22), ref: 008FC1E3
                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,0091AB22), ref: 008FC235
                                                                                                    • GetLastError.KERNEL32(?,0091AB22), ref: 008FC23F
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                                                    • String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp
                                                                                                    APIs
                                                                                                    • GetProcAddress.KERNELBASE(SystemFunction040,AdvApi32.dll), ref: 0092FBD5
                                                                                                    • GetProcAddress.KERNEL32(SystemFunction041), ref: 0092FBE7
                                                                                                    • GetProcAddress.KERNEL32(CryptProtectMemory,Crypt32.dll), ref: 0092FC2A
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0092FC3E
                                                                                                    • GetProcAddress.KERNEL32(CryptUnprotectMemory), ref: 0092FC76
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?), ref: 0092FC8A
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$ErrorLast
                                                                                                    • String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$SystemFunction040$SystemFunction041$cryputil.cpp
                                                                                                    APIs
                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,0000001C,?,00000000,00000000,00000000,00000000,?,008FC285,00000000,0091AB22,?,0091AB22), ref: 009114BB
                                                                                                    • GetLastError.KERNEL32(?,008FC285,00000000,0091AB22,?,0091AB22), ref: 009114C4
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CreateErrorEventLast
                                                                                                    • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp
                                                                                                    APIs
                                                                                                    • CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 00910657
                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 0091066F
                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 00910674
                                                                                                    • DuplicateHandle.KERNELBASE(00000000,?,?), ref: 00910677
                                                                                                    • GetLastError.KERNEL32(?,?), ref: 00910681
                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 009106F0
                                                                                                    • GetLastError.KERNEL32(?,?), ref: 009106FD
                                                                                                    Strings
                                                                                                    • cabextract.cpp, xrefs: 009106A5, 00910721
                                                                                                    • Failed to duplicate handle to cab container., xrefs: 009106AF
                                                                                                    • <the>.cab, xrefs: 00910650
                                                                                                    • Failed to add virtual file pointer for cab container., xrefs: 009106D6
                                                                                                    • Failed to open cabinet file: %hs, xrefs: 0091072E
                                                                                                    Similarity
                                                                                                    • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                                                    • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
                                                                                                    • API String ID: 3030546534-3446344238
                                                                                                    • Opcode ID: bd3fd2be79a25b459e93f19baf10ec1e0859275a2b5e0ba6663bf46c4e7c4ab6
                                                                                                    • Instruction ID: 52be2dab3db4c8eb1eb0743173ee8a1b8efb064f30a5f2cfa95af57c9afc38a5
                                                                                                    • Opcode Fuzzy Hash: bd3fd2be79a25b459e93f19baf10ec1e0859275a2b5e0ba6663bf46c4e7c4ab6
                                                                                                    • Instruction Fuzzy Hash: 94312872B41728BBEB206BA98C44F9B7AACFF84764F000225FD08E7150D7719D50DAE5
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(00000000,00000001,006C0064,000000FF,002C002B,000000FF,?,00000000,?,wininet.dll,?,crypt32.dll,?,?,?,00000000), ref: 00902ACD
                                                                                                    Strings
                                                                                                    • wininet.dll, xrefs: 00902D1E
                                                                                                    • Failed to create the string dictionary., xrefs: 00902B06
                                                                                                    • Failed to add dependents ignored from command-line., xrefs: 00902B82
                                                                                                    • Failed to add self-dependent to ignore dependents., xrefs: 00902B51
                                                                                                    • Failed to add registration action for self dependent., xrefs: 00902D9E
                                                                                                    • Failed to add registration action for dependent related bundle., xrefs: 00902DD5
                                                                                                    • Failed to check for remaining dependents during planning., xrefs: 00902C73
                                                                                                    • Failed to add dependent bundle provider key to ignore dependents., xrefs: 00902C37
                                                                                                    • Failed to allocate registration action., xrefs: 00902B36
                                                                                                    • crypt32.dll, xrefs: 00902B18, 00902C16, 00902D0B, 00902D80
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CompareString
                                                                                                    • String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.$crypt32.dll$wininet.dll
                                                                                                    • API String ID: 1825529933-1705955799
                                                                                                    • Opcode ID: 5e1fc618d1b2f3ecfe34eef50aac10fbd59895759b0e9412ba99961ee4bf31f1
                                                                                                    • Instruction ID: ff591d95da3f81aaa11a55631dc073537637e0808cc3475e2bc56238af3d5b9b
                                                                                                    • Opcode Fuzzy Hash: 5e1fc618d1b2f3ecfe34eef50aac10fbd59895759b0e9412ba99961ee4bf31f1
                                                                                                    • Instruction Fuzzy Hash: 4CB18E71A0062AEFDB25DF54C849BAEBBB9BF44310F00816AF8059A2D1D770DD90DBD1
                                                                                                    APIs
                                                                                                    • IsWindow.USER32(?), ref: 008F4B5E
                                                                                                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008F4B6F
                                                                                                    Strings
                                                                                                    • Failed to query registration., xrefs: 008F4AA8
                                                                                                    • WixBundleLayoutDirectory, xrefs: 008F4AEF
                                                                                                    • Failed to set layout directory variable to value provided from command-line., xrefs: 008F4B00
                                                                                                    • Failed to set registration variables., xrefs: 008F4AD8
                                                                                                    • Failed to set action variables., xrefs: 008F4ABE
                                                                                                    • Failed to open log., xrefs: 008F4A12
                                                                                                    • Failed while running , xrefs: 008F4B24
                                                                                                    • Failed to check global conditions, xrefs: 008F4A43
                                                                                                    • Failed to create the message window., xrefs: 008F4A92
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MessagePostWindow
                                                                                                    • String ID: Failed to check global conditions$Failed to create the message window.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
                                                                                                    • API String ID: 3618638489-3051724725
                                                                                                    • Opcode ID: 2d782184c10ec5f2d4f154e88b760969772e8ac130d49c33ea12b357d5707de3
                                                                                                    • Instruction ID: bd50de07ea273d334859df8832a44fab2444db12d2fd62990d022fc4282ece10
                                                                                                    • Opcode Fuzzy Hash: 2d782184c10ec5f2d4f154e88b760969772e8ac130d49c33ea12b357d5707de3
                                                                                                    • Instruction Fuzzy Hash: 8541C371A4062FBADB265AB4CC41FBBB66CFF40764F001216BB14E6191D770ED109BE1
                                                                                                    APIs
                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,008F5386,?,?), ref: 0090E84A
                                                                                                    • GetLastError.KERNEL32(?,008F5386,?,?), ref: 0090E857
                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,Function_0001E563,?,00000000,00000000), ref: 0090E8B0
                                                                                                    • GetLastError.KERNEL32(?,008F5386,?,?), ref: 0090E8BD
                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,008F5386,?,?), ref: 0090E8F8
                                                                                                    • CloseHandle.KERNEL32(00000000,?,008F5386,?,?), ref: 0090E917
                                                                                                    • FindCloseChangeNotification.KERNELBASE(?,?,008F5386,?,?), ref: 0090E924
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseCreateErrorLast$ChangeEventFindHandleMultipleNotificationObjectsThreadWait
                                                                                                    • String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
                                                                                                    • API String ID: 1372344712-3599963359
                                                                                                    • Opcode ID: 2e024ce9214ffe678f6af3e4e8c4cb025283a0988fb524d289c15dfc03f39a68
                                                                                                    • Instruction ID: d78b591ae3f9d98ff7048f4c182438f3db5c162f5d6c2a5f1f5ba8b34d157f0e
                                                                                                    • Opcode Fuzzy Hash: 2e024ce9214ffe678f6af3e4e8c4cb025283a0988fb524d289c15dfc03f39a68
                                                                                                    • Instruction Fuzzy Hash: 0C314775E40219BFEB10DFA99D84AAFF6ECEF48350F114166FE15F7190D6309E009AA1
                                                                                                    APIs
                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,00000000,75922F60,?,00000000,?,?,?,00000000), ref: 00911249
                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,0091B555,?,?,80000000,?,?,?,?,?), ref: 0091125C
                                                                                                    • GetExitCodeThread.KERNELBASE(?,?,?,?,00000000,?,?,?,?,0091B555,?,?,80000000,?,?,?), ref: 0091129E
                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,0091B555,?,?,80000000,?,?,?,?,?), ref: 009112AC
                                                                                                    • ResetEvent.KERNEL32(?,?,?,00000000,?,?,?,?,0091B555,?,?,80000000,?,?,?,?), ref: 009112E7
                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,0091B555,?,?,80000000,?,?,?,?,?), ref: 009112F1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                                                    • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
                                                                                                    • API String ID: 2979751695-3400260300
                                                                                                    • Opcode ID: b55b7ea27ac580c98f2125bf6742152f087ca17fcbf249d65cc3c41fd68cc6db
                                                                                                    • Instruction ID: ff2fbe6d8f7bd9c4a0ae05eebb7cc0a8008d570e133c12e5f992e5becd18fe37
                                                                                                    • Opcode Fuzzy Hash: b55b7ea27ac580c98f2125bf6742152f087ca17fcbf249d65cc3c41fd68cc6db
                                                                                                    • Instruction Fuzzy Hash: 9021D271750308BFEB18AB798D45ABEB6F8EB44710F00412EFA56D61A0E734CA00AB15
                                                                                                    APIs
                                                                                                    • LoadLibraryW.KERNELBASE(?,00000000,?,008F46F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,008F5386,?,?), ref: 008FD5CD
                                                                                                    • GetLastError.KERNEL32(?,008F46F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,008F5386,?,?), ref: 008FD5DA
                                                                                                    • GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 008FD612
                                                                                                    • GetLastError.KERNEL32(?,008F46F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,008F5386,?,?), ref: 008FD61E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$AddressLibraryLoadProc
                                                                                                    • String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp$wininet.dll
                                                                                                    • API String ID: 1866314245-1140179540
                                                                                                    • Opcode ID: 0cdfdfbb46164f9f5c17ecb8b51804b237311de611d086df4c5a6f6a0ed97925
                                                                                                    • Instruction ID: cbbd0298b454ddd5cd0e0bed649c8ea6f01ba251dff199904d2808ff1b3e243f
                                                                                                    • Opcode Fuzzy Hash: 0cdfdfbb46164f9f5c17ecb8b51804b237311de611d086df4c5a6f6a0ed97925
                                                                                                    • Instruction Fuzzy Hash: 2D11E032A44B25ABEB206A789C14B6776D4EF04750F01412AFF0AE7190EA24CC009EE4
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: ($Failed to set syncpoint event.$UX aborted cache.$apply.cpp$begin cache package$end cache package$layout bundle
                                                                                                    • API String ID: 0-826262529
                                                                                                    • Opcode ID: c6a0781f70620ab601d7edcf006023761396d8d1a7aff7e50f3e530385aab48b
                                                                                                    • Instruction ID: 11ef5321c782a8eccc4832ed9432b0971e9c540ef2d1894a62414fe7bb22ddbf
                                                                                                    • Opcode Fuzzy Hash: c6a0781f70620ab601d7edcf006023761396d8d1a7aff7e50f3e530385aab48b
                                                                                                    • Instruction Fuzzy Hash: D3223871A01619FFDB15CF94CC80FAABBB6FF48710F108659F914AB261C331A9A1DB90
                                                                                                    APIs
                                                                                                    • CompareStringW.KERNEL32(0000007F,00000000,FFFEB88D,000000FF,?,000000FF,008F5381,?,008F52B5,00000000,008F5381,FFF9E89D,008F5381,008F53B5,008F533D,?), ref: 008FCB15
                                                                                                    Strings
                                                                                                    • payload.cpp, xrefs: 008FCC16
                                                                                                    • Failed to extract file., xrefs: 008FCBE0
                                                                                                    • Failed to concat file paths., xrefs: 008FCBF5
                                                                                                    • Failed to get directory portion of local file path, xrefs: 008FCBEE
                                                                                                    • Failed to ensure directory exists, xrefs: 008FCBE7
                                                                                                    • Failed to get next stream., xrefs: 008FCBFC
                                                                                                    • Failed to find embedded payload: %ls, xrefs: 008FCB41
                                                                                                    • Payload was not found in container: %ls, xrefs: 008FCC22
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CompareString
                                                                                                    • String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$payload.cpp
                                                                                                    • API String ID: 1825529933-1711239286
                                                                                                    • Opcode ID: 404614b1d4dd62bb14fc2056c20e3e2ca1b9e1586a40824a8ec26add38487fa9
                                                                                                    • Instruction ID: 275a8ea5c8399cbbe3f90c828bdea4f7f1b609eaa7c75237911e1c33a91c22c8
                                                                                                    • Opcode Fuzzy Hash: 404614b1d4dd62bb14fc2056c20e3e2ca1b9e1586a40824a8ec26add38487fa9
                                                                                                    • Instruction Fuzzy Hash: 3D41D235D0021DEBCF25DFA8CA829BEB765FF40724F104169EA15EB251C7719E40DB91
                                                                                                    APIs
                                                                                                    • PeekMessageW.USER32(00000000,00000000,00000400,00000400,00000000), ref: 008F46B5
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 008F46BB
                                                                                                      • Part of subcall function 0090FC51: new.LIBCMT ref: 0090FC58
                                                                                                    • GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 008F4749
                                                                                                    Strings
                                                                                                    • Unexpected return value from message pump., xrefs: 008F479F
                                                                                                    • Failed to load UX., xrefs: 008F46FE
                                                                                                    • wininet.dll, xrefs: 008F46E8
                                                                                                    • Failed to start bootstrapper application., xrefs: 008F4717
                                                                                                    • engine.cpp, xrefs: 008F4795
                                                                                                    • Failed to create engine for UX., xrefs: 008F46D5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Message$CurrentPeekThread
                                                                                                    • String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp$wininet.dll
                                                                                                    • API String ID: 673430819-2573580774
                                                                                                    • Opcode ID: 512fc423abe0e1dd5669df3dfd929ac4fd67e9157d63f9907589b3d41fdbeea3
                                                                                                    • Instruction ID: fa5a5b6b290f39ddd9bcfea5d131ff09951161b41ff4e99196832d623254e1f2
                                                                                                    • Opcode Fuzzy Hash: 512fc423abe0e1dd5669df3dfd929ac4fd67e9157d63f9907589b3d41fdbeea3
                                                                                                    • Instruction Fuzzy Hash: 6F41807160461DBFEB14AAB4CC85EBBB7ACFF45318F100126FB05E7250DB20AD459BA1
                                                                                                    APIs
                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000008,?,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000001,00000000), ref: 00904765
                                                                                                    • GetLastError.KERNEL32 ref: 00904772
                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,?,?,00000000,?,00000000), ref: 0090481B
                                                                                                    • GetLastError.KERNEL32 ref: 00904825
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastRead
                                                                                                    • String ID: Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$pipe.cpp
                                                                                                    • API String ID: 1948546556-3912962418
                                                                                                    • Opcode ID: c8a61b4eccd6dcf259e36a32fa89cd9136354f8ad816baa8286998a02698a3cf
                                                                                                    • Instruction ID: 96477b61513c20cc72a833da405e7a843d0202c3e399985b67ea16b932a80479
                                                                                                    • Opcode Fuzzy Hash: c8a61b4eccd6dcf259e36a32fa89cd9136354f8ad816baa8286998a02698a3cf
                                                                                                    • Instruction Fuzzy Hash: 5931A3B2A50229BFEB109EB5DC45BAAF7A8FB05751F10C129FE05E61C0E7749E408BD1
                                                                                                    APIs
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 008FF7CD
                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 008FF7DA
                                                                                                    Strings
                                                                                                    • Resume, xrefs: 008FF741
                                                                                                    • Failed to open registration key., xrefs: 008FF736
                                                                                                    • %ls.RebootRequired, xrefs: 008FF6BA
                                                                                                    • Failed to read Resume value., xrefs: 008FF763
                                                                                                    • Failed to format pending restart registry key to read., xrefs: 008FF6D1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Close
                                                                                                    • String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
                                                                                                    • API String ID: 3535843008-3890505273
                                                                                                    • Opcode ID: d0b0d8737e11ac1e56609564dd35464a3f6340aa18a8605749065696d4646da9
                                                                                                    • Instruction ID: 7c34b7434a8c36c63b73fc8e1681a835c988c667b1a79f574e36aed63aac452f
                                                                                                    • Opcode Fuzzy Hash: d0b0d8737e11ac1e56609564dd35464a3f6340aa18a8605749065696d4646da9
                                                                                                    • Instruction Fuzzy Hash: 20414F3690415DEBCB11AFA8C841ABDFBA5FF45314F258166EB14EB226D3719E40DB40
                                                                                                    APIs
                                                                                                    • WaitForSingleObject.KERNEL32(00000001,000000FF,00000000,?,00906CFB,008F4740,?,00000000,?,00000000,00000001), ref: 009067BD
                                                                                                    • GetLastError.KERNEL32(?,00906CFB,008F4740,?,00000000,?,00000000,00000001), ref: 009067C7
                                                                                                    • GetExitCodeThread.KERNELBASE(00000001,00000000,?,00906CFB,008F4740,?,00000000,?,00000000,00000001), ref: 00906806
                                                                                                    • GetLastError.KERNEL32(?,00906CFB,008F4740,?,00000000,?,00000000,00000001), ref: 00906810
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CodeExitObjectSingleThreadWait
                                                                                                    • String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
                                                                                                    • API String ID: 3686190907-2546940223
                                                                                                    • Opcode ID: 8ac2217e6c45dcf7291fd0ce4d90c19bc6176ba3336e9d54a15c9256f4aa3954
                                                                                                    • Instruction ID: 2663b3311ac393317d66fc1f2b655c341b351cefe2a8e7614507aacc61822077
                                                                                                    • Opcode Fuzzy Hash: 8ac2217e6c45dcf7291fd0ce4d90c19bc6176ba3336e9d54a15c9256f4aa3954
                                                                                                    • Instruction Fuzzy Hash: F401AD70354308BFEB08ABB5DD16B7E76E9EB40710F10412DF906D50E0EB359E10AA18
                                                                                                    APIs
                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000001,0093B4F0,?,00000001,000000FF,?,?,75A8B390,00000000,00000001,00000000,?,009072F3), ref: 0090D32F
                                                                                                    Strings
                                                                                                    • Failed to create pipe name and client token., xrefs: 0090D270
                                                                                                    • Failed to connect to elevated child process., xrefs: 0090D318
                                                                                                    • Failed to elevate., xrefs: 0090D311
                                                                                                    • elevation.cpp, xrefs: 0090D23A
                                                                                                    • UX aborted elevation requirement., xrefs: 0090D244
                                                                                                    • Failed to create pipe and cache pipe., xrefs: 0090D28C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle
                                                                                                    • String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
                                                                                                    • API String ID: 2962429428-3003415917
                                                                                                    • Opcode ID: b75554ac3dc904c6169d6a3ee8e4051e442bc34837f752f2f3ae91575f9ed442
                                                                                                    • Instruction ID: 994fe8405c73cd50b9214d08a8345042f1e2810a1d4225e8b029d4e5a6079f7b
                                                                                                    • Opcode Fuzzy Hash: b75554ac3dc904c6169d6a3ee8e4051e442bc34837f752f2f3ae91575f9ed442
                                                                                                    • Instruction Fuzzy Hash: 96310772A4672ABFE715A6E48C42FAFB75CEF40724F100215FB15EA1C1DB61ED0086E6
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(0095B60C,00000000,?,?,?,008F5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 0093042B
                                                                                                    • CreateFileW.KERNEL32(40000000,00000001,00000000,00000002,00000080,00000000,?,00000000,?,?,?,0095B604,?,008F5407,00000000,Setup), ref: 009304CC
                                                                                                    • GetLastError.KERNEL32(?,008F5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 009304DC
                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,008F5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 00930515
                                                                                                      • Part of subcall function 008F2DE0: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 008F2F1F
                                                                                                    • LeaveCriticalSection.KERNEL32(0095B60C,?,?,0095B604,?,008F5407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 0093056E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
                                                                                                    • String ID: logutil.cpp
                                                                                                    • API String ID: 4111229724-3545173039
                                                                                                    • Opcode ID: 45e7cfdab09b05109c13e02c2fbce38ecc67aceb74870fe907a34008b43b7e1f
                                                                                                    • Instruction ID: a1f5ec68174a02c385abf29b38123375211b60c7c4053a26597eb86e4ee52af2
                                                                                                    • Opcode Fuzzy Hash: 45e7cfdab09b05109c13e02c2fbce38ecc67aceb74870fe907a34008b43b7e1f
                                                                                                    • Instruction Fuzzy Hash: 0F318571A0531DBFDB21AFB7DCA6A6A766CEB80765F004225FE00A6160D770CD50AF90
                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,008F583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 008F7215
                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,00000000,00000002,00000000,?,?,?,008F583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 008F72F4
                                                                                                    Strings
                                                                                                    • *****, xrefs: 008F72B0, 008F72BD
                                                                                                    • Failed to get unformatted string., xrefs: 008F7285
                                                                                                    • Failed to format value '%ls' of variable: %ls, xrefs: 008F72BE
                                                                                                    • Failed to get value as string for variable: %ls, xrefs: 008F72E3
                                                                                                    • Failed to get variable: %ls, xrefs: 008F7256
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                    • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
                                                                                                    • API String ID: 3168844106-2873099529
                                                                                                    • Opcode ID: 91a8174770f77c3c4396e52237f513ba6c7dc119931ba6219c1b4522c447ef4c
                                                                                                    • Instruction ID: 687f7658baa083add7ddfb512fd8130404eb676dbd15060385a52c5f50e90fa6
                                                                                                    • Opcode Fuzzy Hash: 91a8174770f77c3c4396e52237f513ba6c7dc119931ba6219c1b4522c447ef4c
                                                                                                    • Instruction Fuzzy Hash: 3431C032A08A1EBBEF219AA0CC01BBE7B65FF54724F104125FA05F6550D775AEA0DBC0
                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • cabextract.cpp, xrefs: 0091098D
                                                                                                    • Failed to write during cabinet extraction., xrefs: 00910997
                                                                                                    • Unexpected call to CabWrite()., xrefs: 00910923
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastWrite_memcpy_s
                                                                                                    • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
                                                                                                    • API String ID: 1970631241-3111339858
                                                                                                    • Opcode ID: d0b832b9cb4b0364339c6d58817bec98d72a36b1f46bb5ecbec4610e21f563b4
                                                                                                    • Instruction ID: 918e6cc5c49b336633e05ff930e8a91edc60825a917fe6c9a86def3d48594a10
                                                                                                    • Opcode Fuzzy Hash: d0b832b9cb4b0364339c6d58817bec98d72a36b1f46bb5ecbec4610e21f563b4
                                                                                                    • Instruction Fuzzy Hash: 7221BB76604208AFEB04DFADDD84EAA77E9FF88314B110059FA08C7256D672DA409B50
                                                                                                    APIs
                                                                                                    • OpenProcessToken.ADVAPI32(?,00000008,?,?,?,?,?,?,?,00908110,00000000), ref: 0093078A
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00908110,00000000), ref: 00930794
                                                                                                    • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,00908110,00000000), ref: 009307C6
                                                                                                    • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,00908110,00000000), ref: 0093081D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Token$ChangeCloseErrorFindInformationLastNotificationOpenProcess
                                                                                                    • String ID: procutil.cpp
                                                                                                    • API String ID: 2387526074-1178289305
                                                                                                    • Opcode ID: 1615e196159c8a3a55d5367d5819759642bfba5755f09d34b0f24308392da534
                                                                                                    • Instruction ID: c2936f89f0a70f162b3f88fa33a5c3dd37b2a5941f6fbc641abb9a94a23e4320
                                                                                                    • Opcode Fuzzy Hash: 1615e196159c8a3a55d5367d5819759642bfba5755f09d34b0f24308392da534
                                                                                                    • Instruction Fuzzy Hash: A6219371E40228EBDB149BA98C44AAEBBECEF94711F114166EE15E7250D7718E00EFD0
                                                                                                    APIs
                                                                                                    • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00910A25
                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00910A37
                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?), ref: 00910A4A
                                                                                                    • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00910616,?,?), ref: 00910A59
                                                                                                    Strings
                                                                                                    • cabextract.cpp, xrefs: 009109F4
                                                                                                    • Invalid operation for this state., xrefs: 009109FE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Time$File$ChangeCloseDateFindLocalNotification
                                                                                                    • String ID: Invalid operation for this state.$cabextract.cpp
                                                                                                    • API String ID: 1330928052-1751360545
                                                                                                    • Opcode ID: 7895085c698b4202ca0a58ebbbfe84750e53e46482a23de3976b826ce0351bf9
                                                                                                    • Instruction ID: 27b71bfdae8dd8b059f26bf6a8225c074284ce67b8cac40581d87db59e1b3c67
                                                                                                    • Opcode Fuzzy Hash: 7895085c698b4202ca0a58ebbbfe84750e53e46482a23de3976b826ce0351bf9
                                                                                                    • Instruction Fuzzy Hash: 8621C07291421EAB87109FA8DC488EABBBCFE84720B50421AF965D65D0C7B5DA91CBD0
                                                                                                    APIs
                                                                                                    • CoInitialize.OLE32(00000000), ref: 0093344A
                                                                                                    • InterlockedIncrement.KERNEL32(0095B6D8), ref: 00933467
                                                                                                    • CLSIDFromProgID.OLE32(Msxml2.DOMDocument,0095B6C8,?,?,?,?,?,?), ref: 00933482
                                                                                                    • CLSIDFromProgID.OLE32(MSXML.DOMDocument,0095B6C8,?,?,?,?,?,?), ref: 0093348E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FromProg$IncrementInitializeInterlocked
                                                                                                    • String ID: MSXML.DOMDocument$Msxml2.DOMDocument
                                                                                                    • API String ID: 2109125048-2356320334
                                                                                                    • Opcode ID: fb0a1da8d4ee10d65a76ec5fb8a1eeb3d5514dfc9382a1d02b72ecb7bfbeed53
                                                                                                    • Instruction ID: e090182b517a47eb2af5c4cc8068745a4ff0119dd63a783184c92d18343932a2
                                                                                                    • Opcode Fuzzy Hash: fb0a1da8d4ee10d65a76ec5fb8a1eeb3d5514dfc9382a1d02b72ecb7bfbeed53
                                                                                                    • Instruction Fuzzy Hash: BAF030207DA33957D7228BA7AC0DB172EA9ABD0B7AF108415FD44D21A4D3608985DFA0
                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 0093495A
                                                                                                    • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00934989
                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 009349B3
                                                                                                    • GetLastError.KERNEL32(00000000,0093B790,?,?,?,00000000,00000000,00000000), ref: 009349F4
                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00934A28
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$Global$AllocFree
                                                                                                    • String ID: fileutil.cpp
                                                                                                    • API String ID: 1145190524-2967768451
                                                                                                    • Opcode ID: f5a3cdaeada44efeb197b738ebc888164d1a795a1200bf8bf407d36523c2a649
                                                                                                    • Instruction ID: d1952e0eee3c1e03c6a75b033ecacf87c1677af0ca2eb68cf9bb3ed0a06a9ef1
                                                                                                    • Opcode Fuzzy Hash: f5a3cdaeada44efeb197b738ebc888164d1a795a1200bf8bf407d36523c2a649
                                                                                                    • Instruction Fuzzy Hash: 2721D536A40329ABD7119BA98C45BABBBACEF84764F024226FD05E7210D7309D00DEE1
                                                                                                    APIs
                                                                                                    • DefWindowProcW.USER32(?,00000082,?,?), ref: 0090E734
                                                                                                    • SetWindowLongW.USER32(?,000000EB,00000000), ref: 0090E743
                                                                                                    • SetWindowLongW.USER32(?,000000EB,?), ref: 0090E757
                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 0090E767
                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 0090E781
                                                                                                    • PostQuitMessage.USER32(00000000), ref: 0090E7DE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$Long$Proc$MessagePostQuit
                                                                                                    • String ID:
                                                                                                    • API String ID: 3812958022-0
                                                                                                    • Opcode ID: 92243b3e1d2734648c3b330a5f8c01191c3be9a3a53337fe7db4782472e652d0
                                                                                                    • Instruction ID: 3ad003cc00b43a7407fca8d37c29500f428275052aa0cb2ec54db91d574d460e
                                                                                                    • Opcode Fuzzy Hash: 92243b3e1d2734648c3b330a5f8c01191c3be9a3a53337fe7db4782472e652d0
                                                                                                    • Instruction Fuzzy Hash: FA218332118228BFDF115FA4DD49F6A7BA9FF49350F148914FA0AEA1A0C731DD10EB61
                                                                                                    APIs
                                                                                                    • RegQueryValueExW.KERNELBASE(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 009310ED
                                                                                                    • RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,?,?,?,?,?,00906EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 00931126
                                                                                                    • lstrlenW.KERNEL32(?,?,?,00000000,?,-00000001,00000004,00000000), ref: 0093121A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$lstrlen
                                                                                                    • String ID: BundleUpgradeCode$regutil.cpp
                                                                                                    • API String ID: 3790715954-1648651458
                                                                                                    • Opcode ID: c67ba4f04b7a724d24c9e12c0db428c6d69b4352649c72db1c392ae94a52b021
                                                                                                    • Instruction ID: 30361fcd6aca1cce6a474ace0564702c8bc69fab2339cfbba0a1722ebc761f05
                                                                                                    • Opcode Fuzzy Hash: c67ba4f04b7a724d24c9e12c0db428c6d69b4352649c72db1c392ae94a52b021
                                                                                                    • Instruction Fuzzy Hash: AA418131A0421AEFDB25DFA9C885AAFB7B9FF48720F114569ED15EB220D630DD019F90
                                                                                                    Strings
                                                                                                    • Failed to skip the extraction of payload: %ls from container: %ls, xrefs: 0091ABEF
                                                                                                    • Failed to extract all payloads from container: %ls, xrefs: 0091AB9C
                                                                                                    • Failed to open container: %ls., xrefs: 0091AB2A
                                                                                                    • Failed to extract payload: %ls from container: %ls, xrefs: 0091ABE3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateErrorFileLast
                                                                                                    • String ID: Failed to extract all payloads from container: %ls$Failed to extract payload: %ls from container: %ls$Failed to open container: %ls.$Failed to skip the extraction of payload: %ls from container: %ls
                                                                                                    • API String ID: 1214770103-3891707333
                                                                                                    • Opcode ID: af0addd538fafc79306b9446e144c7f7644da9874dc09fbf24b710a0950fdc8d
                                                                                                    • Instruction ID: 9acaf2b3f3830c94b5bc687d901f96bd945b340da09670b16b5a8c9ec709ef5b
                                                                                                    • Opcode Fuzzy Hash: af0addd538fafc79306b9446e144c7f7644da9874dc09fbf24b710a0950fdc8d
                                                                                                    • Instruction Fuzzy Hash: 8631E332E8512DBBCF119AE4CC82EDE7769EF44310F200625FA11A6191E735DE909BA2
                                                                                                    APIs
                                                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 0091088A
                                                                                                    • GetLastError.KERNEL32(?,?,?), ref: 00910894
                                                                                                    Strings
                                                                                                    • cabextract.cpp, xrefs: 009108B8
                                                                                                    • Invalid seek type., xrefs: 00910820
                                                                                                    • Failed to move file pointer 0x%x bytes., xrefs: 009108C5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                    • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
                                                                                                    • API String ID: 2976181284-417918914
                                                                                                    • Opcode ID: 2dfb230c5f0e361a584867f63a54f3ae4db0aa9fcc42804b494fbfba1dd6537c
                                                                                                    • Instruction ID: e60a7aab1622271f9871a4503e2791aa7ccb21eba1d35604e6adf5e2b22627c5
                                                                                                    • Opcode Fuzzy Hash: 2dfb230c5f0e361a584867f63a54f3ae4db0aa9fcc42804b494fbfba1dd6537c
                                                                                                    • Instruction Fuzzy Hash: 0D31C231B0461DFFCB04DEA8C884DAAB7B9FB44314B008269F915D7650D772A950CBD0
                                                                                                    APIs
                                                                                                      • Part of subcall function 00934315: FindFirstFileW.KERNELBASE(?,?,00000000,00000000,?), ref: 00934350
                                                                                                      • Part of subcall function 00934315: FindClose.KERNEL32(00000000), ref: 0093435C
                                                                                                    • RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll), ref: 00934305
                                                                                                      • Part of subcall function 00930E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,00935699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 00930E52
                                                                                                      • Part of subcall function 009310C5: RegQueryValueExW.KERNELBASE(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 009310ED
                                                                                                      • Part of subcall function 009310C5: RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,?,?,?,?,?,00906EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 00931126
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseFindQueryValue$FileFirstOpen
                                                                                                    • String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
                                                                                                    • API String ID: 3397690329-3978359083
                                                                                                    • Opcode ID: d517bc33a032c9f800a7147dd3290869b83c3a12321ad4ec1116f7feee3a6726
                                                                                                    • Instruction ID: 456680476b28478b58eceae5050456637f9629a8c9b0550944398f42f31040ae
                                                                                                    • Opcode Fuzzy Hash: d517bc33a032c9f800a7147dd3290869b83c3a12321ad4ec1116f7feee3a6726
                                                                                                    • Instruction Fuzzy Hash: 5A318D35A00219AADF21AFD5CC41AAFB77DEF00750F56817AF924B7151D731AA80CF54
                                                                                                    APIs
                                                                                                    • VariantInit.OLEAUT32(?), ref: 009331DD
                                                                                                    • SysAllocString.OLEAUT32(?), ref: 009331F9
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00933280
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0093328B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: StringVariant$AllocClearFreeInit
                                                                                                    • String ID: xmlutil.cpp
                                                                                                    • API String ID: 760788290-1270936966
                                                                                                    • Opcode ID: 67ff3f940737e280b717fdf7925d1c0bea2cf4116df2b2f748c1907f5caee995
                                                                                                    • Instruction ID: 7ed9c280219c30c7f0a3d9e43750b291a39a4b1e6033df69764687556b5faca4
                                                                                                    • Opcode Fuzzy Hash: 67ff3f940737e280b717fdf7925d1c0bea2cf4116df2b2f748c1907f5caee995
                                                                                                    • Instruction Fuzzy Hash: F321A631941229EFCB10DBA8C848EAF7BB9EF84761F158158F915AB210DB359E01DF90
                                                                                                    APIs
                                                                                                    • CreateDirectoryW.KERNELBASE(00000003,00000001,00000000,00000000,?,0093416C,00000001,00000000,?,00934203,00000003,00000001,00000001,00000000,00000000,00000000), ref: 008F4021
                                                                                                    • GetLastError.KERNEL32(?,0093416C,00000001,00000000,?,00934203,00000003,00000001,00000001,00000000,00000000,00000000,?,0090A55D,?,00000000), ref: 008F402F
                                                                                                    • CreateDirectoryW.KERNEL32(00000003,00000001,00000001,?,0093416C,00000001,00000000,?,00934203,00000003,00000001,00000001,00000000,00000000,00000000), ref: 008F4097
                                                                                                    • GetLastError.KERNEL32(?,0093416C,00000001,00000000,?,00934203,00000003,00000001,00000001,00000000,00000000,00000000,?,0090A55D,?,00000000), ref: 008F40A1
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                    • String ID: dirutil.cpp
                                                                                                    • API String ID: 1375471231-2193988115
                                                                                                    • Opcode ID: d0dfb9be6cb74581f50887188240018e9a495502d3e4e67c7c93c6447311097a
                                                                                                    • Instruction ID: 9cdbabf8a7832a13c726c1ba55de29ff32454d60aa232166c1c34ed7d9be3487
                                                                                                    • Opcode Fuzzy Hash: d0dfb9be6cb74581f50887188240018e9a495502d3e4e67c7c93c6447311097a
                                                                                                    • Instruction Fuzzy Hash: 8F11E436604A2DE6EB711AB54C44B3BB6A4FFD0B60F105127FF06EB050DF658C11A6E1
                                                                                                    APIs
                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,00000000,00000000,00000000,?,00000000,00000000,?,009051A4), ref: 009048CC
                                                                                                    Strings
                                                                                                    • pipe.cpp, xrefs: 00904904
                                                                                                    • Failed to write message type to pipe., xrefs: 0090490E
                                                                                                    • Failed to allocate message to write., xrefs: 009048AB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileWrite
                                                                                                    • String ID: Failed to allocate message to write.$Failed to write message type to pipe.$pipe.cpp
                                                                                                    • API String ID: 3934441357-1996674626
                                                                                                    • Opcode ID: 3f91a717ce1991efc929b70df4e7c4e7e205e53003ca8daa63bcb4805bc0e829
                                                                                                    • Instruction ID: bbb5ff0467cd47692d5de0c4ef3c21e12eddfd7961a72f73d36d5d455288fc9a
                                                                                                    • Opcode Fuzzy Hash: 3f91a717ce1991efc929b70df4e7c4e7e205e53003ca8daa63bcb4805bc0e829
                                                                                                    • Instruction Fuzzy Hash: E1117FB2A00219BEDB11DF95DD05FAF7BE9EF80750F114166FE04A2190D7709E50DAA1
                                                                                                    APIs
                                                                                                      • Part of subcall function 008F38D4: GetProcessHeap.KERNEL32(?,000001C7,?,008F2284,000001C7,00000001,80004005,8007139F,?,?,0093015F,8007139F,?,00000000,00000000,8007139F), ref: 008F38E5
                                                                                                      • Part of subcall function 008F38D4: RtlAllocateHeap.NTDLL(00000000,?,008F2284,000001C7,00000001,80004005,8007139F,?,?,0093015F,8007139F,?,00000000,00000000,8007139F), ref: 008F38EC
                                                                                                    • _memcpy_s.LIBCMT ref: 0090449E
                                                                                                    • _memcpy_s.LIBCMT ref: 009044B1
                                                                                                    • _memcpy_s.LIBCMT ref: 009044CC
                                                                                                    Strings
                                                                                                    • Failed to allocate memory for message., xrefs: 00904487
                                                                                                    • pipe.cpp, xrefs: 0090447D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _memcpy_s$Heap$AllocateProcess
                                                                                                    • String ID: Failed to allocate memory for message.$pipe.cpp
                                                                                                    • API String ID: 886498622-1914209504
                                                                                                    • Opcode ID: f22002e287c6930a70690aa39e2fafc39c0944194c4cef3af8acb4e1521fa42e
                                                                                                    • Instruction ID: d26eb40d5f97bb1370a76b534c1729b242f3cc64f7bfddf3fa2eb501378ce138
                                                                                                    • Opcode Fuzzy Hash: f22002e287c6930a70690aa39e2fafc39c0944194c4cef3af8acb4e1521fa42e
                                                                                                    • Instruction Fuzzy Hash: 1D114FB260031DABDB01DE94CC86EEBB7ADEF44714B00452AFB059B151EB71DA54CBE1
                                                                                                    APIs
                                                                                                      • Part of subcall function 00930E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,00935699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 00930E52
                                                                                                    • RegCloseKey.KERNELBASE(00000000,00000000,00000088,00000000,000002C0,00000410,00020019,00000000,000002C0,00000000,?,?,?,00918C14,00000000,00000000), ref: 0091898C
                                                                                                    Strings
                                                                                                    • Failed to ensure there is space for related bundles., xrefs: 0091893F
                                                                                                    • Failed to initialize package from related bundle id: %ls, xrefs: 00918972
                                                                                                    • Failed to open uninstall key for potential related bundle: %ls, xrefs: 009188FB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen
                                                                                                    • String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
                                                                                                    • API String ID: 47109696-1717420724
                                                                                                    • Opcode ID: f7c0229076b77959147dee01025db452e56b188c26e251adad6684065fa9b98c
                                                                                                    • Instruction ID: 67542a0ca11abeb6ea8f43ee1f0f5ba10b30db5f9a597a4db747603f61e2f1c9
                                                                                                    • Opcode Fuzzy Hash: f7c0229076b77959147dee01025db452e56b188c26e251adad6684065fa9b98c
                                                                                                    • Instruction Fuzzy Hash: 15219A32A4021EBBDB128F84CD02FFFBB68FB40710F144165F900A6160DB759AA0FB92
                                                                                                    APIs
                                                                                                      • Part of subcall function 00930E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,00935699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 00930E52
                                                                                                    • RegCloseKey.ADVAPI32(00000000,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,00000001,feclient.dll,?,?,?,00903E61,feclient.dll,?,00000000,?,?,?,008F4A0C), ref: 009039F1
                                                                                                      • Part of subcall function 00930F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,?), ref: 00930FE4
                                                                                                      • Part of subcall function 00930F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 0093101F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$CloseOpen
                                                                                                    • String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$feclient.dll
                                                                                                    • API String ID: 1586453840-3596319545
                                                                                                    • Opcode ID: db5be96763f989352019edbb91f50dc64a9a20582de41ebcbc11c2c69306bced
                                                                                                    • Instruction ID: 550690daf87a1ecf65f053d0a3e91c6559c0358d3ec8c86cb9d0a5b013f93d02
                                                                                                    • Opcode Fuzzy Hash: db5be96763f989352019edbb91f50dc64a9a20582de41ebcbc11c2c69306bced
                                                                                                    • Instruction Fuzzy Hash: E9119032B40208FFDB218AA5CD47AAEB7BCEB40B41F508066E511AB0D0D6B19F81D750
                                                                                                    APIs
                                                                                                    • lstrlenA.KERNEL32(?,00000000,00000000,00000000,?,?,0092FF0B,?,?,00000000,00000000,0000FDE9), ref: 0093066A
                                                                                                    • WriteFile.KERNELBASE(FFFFFFFF,00000000,00000000,00000000,00000000,?,?,0092FF0B,?,?,00000000,00000000,0000FDE9), ref: 009306A6
                                                                                                    • GetLastError.KERNEL32(?,?,0092FF0B,?,?,00000000,00000000,0000FDE9), ref: 009306B0
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastWritelstrlen
                                                                                                    • String ID: logutil.cpp
                                                                                                    • API String ID: 606256338-3545173039
                                                                                                    • Opcode ID: 5e0a66820385b7fa20f1f8ffc04ef40bb06569400a08345642e5251d8d2ced30
                                                                                                    • Instruction ID: eec1e3772495205a73767be7e2f253e0ab880b7caa21fed2b4dea24d0c691f2d
                                                                                                    • Opcode Fuzzy Hash: 5e0a66820385b7fa20f1f8ffc04ef40bb06569400a08345642e5251d8d2ced30
                                                                                                    • Instruction Fuzzy Hash: 9411E572A05329AB9710DA7A8D65EAFBAACEBC4765F010315FE05D7144EB30AD10DAE0
                                                                                                    APIs
                                                                                                      • Part of subcall function 0091114F: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,0091077D,?,?,?), ref: 00911177
                                                                                                      • Part of subcall function 0091114F: GetLastError.KERNEL32(?,0091077D,?,?,?), ref: 00911181
                                                                                                    • ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 0091078B
                                                                                                    • GetLastError.KERNEL32 ref: 00910795
                                                                                                    Strings
                                                                                                    • cabextract.cpp, xrefs: 009107B9
                                                                                                    • Failed to read during cabinet extraction., xrefs: 009107C3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLast$PointerRead
                                                                                                    • String ID: Failed to read during cabinet extraction.$cabextract.cpp
                                                                                                    • API String ID: 2170121939-2426083571
                                                                                                    APIs
                                                                                                    • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,0091077D,?,?,?), ref: 00911177
                                                                                                    • GetLastError.KERNEL32(?,0091077D,?,?,?), ref: 00911181
                                                                                                    Strings
                                                                                                    • Failed to move to virtual file pointer., xrefs: 009111AF
                                                                                                    • cabextract.cpp, xrefs: 009111A5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                    • String ID: Failed to move to virtual file pointer.$cabextract.cpp
                                                                                                    • API String ID: 2976181284-3005670968
                                                                                                    APIs
                                                                                                    • GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 008FD7F6
                                                                                                    • FreeLibrary.KERNELBASE(?,?,008F47D1,00000000,?,?,008F5386,?,?), ref: 008FD805
                                                                                                    • GetLastError.KERNEL32(?,008F47D1,00000000,?,?,008F5386,?,?), ref: 008FD80F
                                                                                                    Strings
                                                                                                    • BootstrapperApplicationDestroy, xrefs: 008FD7EE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressErrorFreeLastLibraryProc
                                                                                                    • String ID: BootstrapperApplicationDestroy
                                                                                                    • API String ID: 1144718084-3186005537
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(?,00009001,00000000,?), ref: 0090F09B
                                                                                                    • GetLastError.KERNEL32 ref: 0090F0A5
                                                                                                    Strings
                                                                                                    • EngineForApplication.cpp, xrefs: 0090F0C9
                                                                                                    • Failed to post plan message., xrefs: 0090F0D3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                    • String ID: EngineForApplication.cpp$Failed to post plan message.
                                                                                                    • API String ID: 2609174426-2952114608
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(?,00009005,?,00000000), ref: 0090F1A9
                                                                                                    • GetLastError.KERNEL32 ref: 0090F1B3
                                                                                                    Strings
                                                                                                    • EngineForApplication.cpp, xrefs: 0090F1D7
                                                                                                    • Failed to post shutdown message., xrefs: 0090F1E1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                    • String ID: EngineForApplication.cpp$Failed to post shutdown message.
                                                                                                    • API String ID: 2609174426-188808143
                                                                                                    APIs
                                                                                                    • SetEvent.KERNEL32(?,00000000,?,0091145A,00000000,00000000,?,008FC121,00000000,?,?,0091AB88,?,00000000,?,?), ref: 00910524
                                                                                                    • GetLastError.KERNEL32(?,0091145A,00000000,00000000,?,008FC121,00000000,?,?,0091AB88,?,00000000,?,?,?,00000000), ref: 0091052E
                                                                                                    Strings
                                                                                                    • cabextract.cpp, xrefs: 00910552
                                                                                                    • Failed to set begin operation event., xrefs: 0091055C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorEventLast
                                                                                                    • String ID: Failed to set begin operation event.$cabextract.cpp
                                                                                                    • API String ID: 3848097054-4159625223
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(?,00009003,00000000,?), ref: 0090E98D
                                                                                                    • GetLastError.KERNEL32 ref: 0090E997
                                                                                                    Strings
                                                                                                    • EngineForApplication.cpp, xrefs: 0090E9BB
                                                                                                    • Failed to post apply message., xrefs: 0090E9C5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                    • String ID: EngineForApplication.cpp$Failed to post apply message.
                                                                                                    • API String ID: 2609174426-1304321051
                                                                                                    APIs
                                                                                                    • PostThreadMessageW.USER32(?,00009000,00000000,?), ref: 0090EA1E
                                                                                                    • GetLastError.KERNEL32 ref: 0090EA28
                                                                                                    Strings
                                                                                                    • EngineForApplication.cpp, xrefs: 0090EA4C
                                                                                                    • Failed to post detect message., xrefs: 0090EA56
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastMessagePostThread
                                                                                                    • String ID: EngineForApplication.cpp$Failed to post detect message.
                                                                                                    • API String ID: 2609174426-598219917
                                                                                                    APIs
                                                                                                    • CoInitializeEx.OLE32(00000000,00000000), ref: 009055D9
                                                                                                    • CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 00905633
                                                                                                    Strings
                                                                                                    • Failed to initialize COM on cache thread., xrefs: 009055E5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: InitializeUninitialize
                                                                                                    • String ID: Failed to initialize COM on cache thread.
                                                                                                    • API String ID: 3442037557-3629645316
                                                                                                    APIs
                                                                                                    • lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,008F1104,?,?,00000000), ref: 008F503A
                                                                                                    • CompareStringW.KERNELBASE(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,008F1104,?,?,00000000), ref: 008F506A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CompareStringlstrlen
                                                                                                    • String ID: burn.clean.room
                                                                                                    APIs
                                                                                                    • SetFilePointerEx.KERNELBASE(00000000,?,?,00000000,?,00000000,00000000,00000000,?,00936219,?,?,00000000,00000000,00000000,00000001), ref: 009347EB
                                                                                                    • GetLastError.KERNEL32(?,00936219,?,?,00000000,00000000,00000000,00000001,00000000,00000000,00000000,?,00935AC5,?,?,?), ref: 009347F5
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                    • String ID: fileutil.cpp
                                                                                                    APIs
                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 008F3829
                                                                                                    • GetLastError.KERNEL32 ref: 008F3833
                                                                                                    • LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 008F389B
                                                                                                    Similarity
                                                                                                    • API ID: DirectoryErrorLastLibraryLoadSystem
                                                                                                    • String ID:
                                                                                                    APIs
                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,008F3B34,00000000,?,008F1472,00000000,80004005,00000000,80004005,00000000,000001C7,?,008F13B7), ref: 008F39A3
                                                                                                    • RtlFreeHeap.NTDLL(00000000,?,008F3B34,00000000,?,008F1472,00000000,80004005,00000000,80004005,00000000,000001C7,?,008F13B7,000001C7,00000100), ref: 008F39AA
                                                                                                    • GetLastError.KERNEL32(?,008F3B34,00000000,?,008F1472,00000000,80004005,00000000,80004005,00000000,000001C7,?,008F13B7,000001C7,00000100,?), ref: 008F39B4
                                                                                                    Similarity
                                                                                                    • API ID: Heap$ErrorFreeLastProcess
                                                                                                    • String ID:
                                                                                                    APIs
                                                                                                    • IsWindow.USER32(?), ref: 0090E7F8
                                                                                                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0090E80E
                                                                                                    • WaitForSingleObject.KERNEL32(?,00003A98,?,008F4B37,?,?,?,?,?,0093B490,?,?,?,?,?,?), ref: 0090E81F
                                                                                                    Similarity
                                                                                                    • API ID: MessageObjectPostSingleWaitWindow
                                                                                                    • String ID:
                                                                                                    APIs
                                                                                                      • Part of subcall function 00930E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,00935699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 00930E52
                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,00000000,?,?,?,00907B4D,?,?,?), ref: 008FF644
                                                                                                      • Part of subcall function 00930EEC: RegQueryValueExW.ADVAPI32(00000004,?,00000000,00000000,?,00000078,00000000,?,?,?,009356EF,00000000,?,009363FF,00000078,00000000), ref: 00930F10
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                    • String ID: Installed
                                                                                                    APIs
                                                                                                    • RegCloseKey.ADVAPI32(00000000,000000B0,00000088,00000410,000002C0), ref: 0093905C
                                                                                                      • Part of subcall function 00930E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,00935699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 00930E52
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpen
                                                                                                    • String ID: %ls%ls\%ls\%ls
                                                                                                    APIs
                                                                                                    • DeleteCriticalSection.KERNEL32(?,00000001,?,?,008F4F40,?,?,?,?,?,008F545F,?,?,?,?,?), ref: 008F8734
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CriticalDeleteSection
                                                                                                    • String ID: version.dll
                                                                                                    APIs
                                                                                                    • GetProcessHeap.KERNEL32(?,000001C7,?,?,008F227D,?,000001C7,00000001,80004005,8007139F,?,?,0093015F,8007139F,?,00000000), ref: 008F3A86
                                                                                                    • RtlReAllocateHeap.NTDLL(00000000,?,008F227D,?,000001C7,00000001,80004005,8007139F,?,?,0093015F,8007139F,?,00000000,00000000,8007139F), ref: 008F3A8D
                                                                                                    Similarity
                                                                                                    • API ID: Heap$AllocateProcess
                                                                                                    • String ID:
                                                                                                    APIs
                                                                                                    • GetProcessHeap.KERNEL32(?,000001C7,?,008F2284,000001C7,00000001,80004005,8007139F,?,?,0093015F,8007139F,?,00000000,00000000,8007139F), ref: 008F38E5
                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,008F2284,000001C7,00000001,80004005,8007139F,?,?,0093015F,8007139F,?,00000000,00000000,8007139F), ref: 008F38EC
                                                                                                    Similarity
                                                                                                    • API ID: Heap$AllocateProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 1357844191-0
                                                                                                    • Opcode ID: 943b8daf7d90629fd6e2435fef809785163c960bc0240eef6a487523fef82420
                                                                                                    • Instruction ID: 5b4175204bfd07005cdb65e2919ac75c3500cf42b1bbec2b5afcec14d0773a6d
                                                                                                    • Opcode Fuzzy Hash: 943b8daf7d90629fd6e2435fef809785163c960bc0240eef6a487523fef82420
                                                                                                    • Instruction Fuzzy Hash: 3BC012321A8208AB8B006FF8EC0EC9A3BACABA86027008401BA05C2110CB3CE014AB60
                                                                                                    APIs
                                                                                                    • VariantInit.OLEAUT32(?), ref: 009334CE
                                                                                                      • Part of subcall function 00932F23: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,009334DF,00000000,?,00000000), ref: 00932F3D
                                                                                                      • Part of subcall function 00932F23: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,0091BDED,?,008F52FD,?,00000000,?), ref: 00932F49
                                                                                                    Similarity
                                                                                                    • API ID: ErrorHandleInitLastModuleVariant
                                                                                                    • String ID:
                                                                                                    • API String ID: 52713655-0
                                                                                                    • Opcode ID: 59911ef5c7739131966734de997eee901eb13a2f22fffe1468d6fe570b344431
                                                                                                    • Instruction ID: b89496280111cf66e1e5d2c46db76588ef66e1ae7fd5c85526094d05e020dd02
                                                                                                    • Opcode Fuzzy Hash: 59911ef5c7739131966734de997eee901eb13a2f22fffe1468d6fe570b344431
                                                                                                    • Instruction Fuzzy Hash: 45311A76E016299BCB11DFA8C884ADEB7F8EF08750F01456AFD15EB311D6709E048FA4
                                                                                                    APIs
                                                                                                    Similarity
                                                                                                    • API ID: __aulldiv
                                                                                                    • String ID:
                                                                                                    • API String ID: 3732870572-0
                                                                                                    • Opcode ID: 52788800565957834cde3c4450e918ab75183ec00c3172606c18411fc8def49d
                                                                                                    • Instruction ID: 7f14c70de3f18a321d5f825ed3844eec2e5738ddc5395792d20a354bd6712253
                                                                                                    • Opcode Fuzzy Hash: 52788800565957834cde3c4450e918ab75183ec00c3172606c18411fc8def49d
                                                                                                    • Instruction Fuzzy Hash: A6212671700609AFEB20DF5AC890DA7B7BEFF89750714891EFA8687611C231EC91DB60
                                                                                                    APIs
                                                                                                      • Part of subcall function 00938CFB: lstrlenW.KERNEL32(00000100,?,?,00939098,000002C0,00000100,00000100,00000100,?,?,?,00917B40,?,?,000001BC,00000000), ref: 00938D1B
                                                                                                    • RegCloseKey.ADVAPI32(000002C0,000002C0,00000100,00000100,00000100,?,?,?,00917B40,?,?,000001BC,00000000,00000000,00000000,00000100), ref: 00939136
                                                                                                      • Part of subcall function 00930E3F: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,00000000,00000001,00000000,?,00935699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,?,00000000,00000000), ref: 00930E52
                                                                                                    Similarity
                                                                                                    • API ID: CloseOpenlstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 514153755-0
                                                                                                    • Opcode ID: 8eb6d2056fbf46810b63fa535a7f158da8feee1febf0a0bdbd91b46475d6237d
                                                                                                    • Instruction ID: 050996c3b59d8f0fb3734bde600fac852441cebcd905cbc84e5c0a1c475e2b8d
                                                                                                    • Opcode Fuzzy Hash: 8eb6d2056fbf46810b63fa535a7f158da8feee1febf0a0bdbd91b46475d6237d
                                                                                                    • Instruction Fuzzy Hash: 47217F73C0462EEBCF22AFA4CC45A9EBAB5EB84750F114265F901B7121D2728E50AF90
                                                                                                    APIs
                                                                                                    • _MREFOpen@16.MSPDB140-MSVCRT ref: 0090EBE0
                                                                                                    Similarity
                                                                                                    • API ID: Open@16
                                                                                                    • String ID:
                                                                                                    • API String ID: 3613110473-0
                                                                                                    • Opcode ID: 29c1a251978a583d007ae1e4ec72e815610297a601cefb902dd62b68fe2ab955
                                                                                                    • Instruction ID: d12c6ae73082bb56da8dea09055fb78c1049eda29a1faac55eaab507ecde56a6
                                                                                                    • Opcode Fuzzy Hash: 29c1a251978a583d007ae1e4ec72e815610297a601cefb902dd62b68fe2ab955
                                                                                                    • Instruction Fuzzy Hash: D0119473900229BFEB11DF98C880DAEBBADEB14760F114969F945A7240D736AE509790
                                                                                                    APIs
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,0095AAA0,00000000,?,00000000,?,0090890E,WiX\Burn,PackageCache,00000000,0095AAA0,00000000,?,?), ref: 00935782
                                                                                                      • Part of subcall function 00930F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,?), ref: 00930FE4
                                                                                                      • Part of subcall function 00930F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 0093101F
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$Close
                                                                                                    • String ID:
                                                                                                    • API String ID: 1979452859-0
                                                                                                    • Opcode ID: c59a1ed0e809692a29b407d6cde447e227aa764afdcf6e012f217a20b35d7f51
                                                                                                    • Instruction ID: 84e0831f678a50da8c68fe555e803b617c9dcf58eac77fc8f4acfaded8de4b51
                                                                                                    • Opcode Fuzzy Hash: c59a1ed0e809692a29b407d6cde447e227aa764afdcf6e012f217a20b35d7f51
                                                                                                    • Instruction Fuzzy Hash: 5411C236800629EBCF21AEA4DD85ABEB6A9EB48320F164239ED0267120C3314D50DED0
                                                                                                    APIs
                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,00921E90,?,0000015D,?,?,?,?,009232E9,000000FF,00000000,?,?), ref: 00925186
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 1279760036-0
                                                                                                    • Opcode ID: 52efa554026af9f67f2ae5e315356b6f0e6b21d68e50a41fc69d4577ed038f57
                                                                                                    • Instruction ID: 3850dcdb687b0c921c2b644b6e2972e9021727fb21cd35708ed5af9a246b19c5
                                                                                                    • Opcode Fuzzy Hash: 52efa554026af9f67f2ae5e315356b6f0e6b21d68e50a41fc69d4577ed038f57
                                                                                                    • Instruction Fuzzy Hash: 88E06D2524CB34A7D7352665BC00B6B364DDB827A0F574120AC6A960DEEB34CC2196E5
                                                                                                    APIs
                                                                                                    • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,00000000,00000000,00000104,00000000,?,009089CA,0000001C,?,00000000,?,?), ref: 008F34E5
                                                                                                    Similarity
                                                                                                    • API ID: FolderPath
                                                                                                    • String ID:
                                                                                                    • API String ID: 1514166925-0
                                                                                                    • Opcode ID: 833b3fdc52b71094b03c32e89a4e3c612d807f853de98cbc274d0caefe6d41e0
                                                                                                    • Instruction ID: 54b052de1f95826d846dd0f1127fff38cfbc43c06a6f631dd4711398eda00204
                                                                                                    • Opcode Fuzzy Hash: 833b3fdc52b71094b03c32e89a4e3c612d807f853de98cbc274d0caefe6d41e0
                                                                                                    • Instruction Fuzzy Hash: C7E0127230122A7BAA022E765C09DFB7B9CFF257607008055BF44D7000E661E91096B5
                                                                                                    APIs
                                                                                                    • GetFileAttributesW.KERNELBASE(?,00000000,?,0090A229,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,?), ref: 008F40EB
                                                                                                    Similarity
                                                                                                    • API ID: AttributesFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 3188754299-0
                                                                                                    • Opcode ID: eb48364aed86ff85ffde4c18d1ba5d7515daa37c23266f18479e4a687a0b73c9
                                                                                                    • Instruction ID: f77ab25bef1461f4803b455b7b5390ed321f06c01f6b57afa13e7a4946b595b3
                                                                                                    • Opcode Fuzzy Hash: eb48364aed86ff85ffde4c18d1ba5d7515daa37c23266f18479e4a687a0b73c9
                                                                                                    • Instruction Fuzzy Hash: B1D05E3220612C574B289EBD9C046BBBB69FF227B17519216EE55CA2A1D3319C92C7D0
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0092F35B
                                                                                                      • Part of subcall function 00939814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00939829
                                                                                                      • Part of subcall function 00939814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00939891
                                                                                                      • Part of subcall function 00939814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009398A2
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 697777088-0
                                                                                                    • Opcode ID: 2e608d0088550424f2b61b2358c80296fc53c5adbabd47ae8a25c5894378dcf5
                                                                                                    • Instruction ID: c3fb9dbb3935ca244785fd593b3730a8bbe08d0ef17c43c1002ce9219d4a2a93
                                                                                                    • Opcode Fuzzy Hash: 2e608d0088550424f2b61b2358c80296fc53c5adbabd47ae8a25c5894378dcf5
                                                                                                    • Instruction Fuzzy Hash: 0CB012922586117C3244D322BC12D37025CC2C1F2E334C53ABD01D0080E8C40D0C0232
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0092F35B
                                                                                                      • Part of subcall function 00939814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00939829
                                                                                                      • Part of subcall function 00939814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00939891
                                                                                                      • Part of subcall function 00939814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009398A2
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 697777088-0
                                                                                                    • Opcode ID: a1c55757a14008ece3eabde9de7924df85ff05676beb0d0684588b18c1cd5662
                                                                                                    • Instruction ID: cdb02fd450fe423828b01ca56469ac71c20d407558a46324b9b53d22d3d22640
                                                                                                    • Opcode Fuzzy Hash: a1c55757a14008ece3eabde9de7924df85ff05676beb0d0684588b18c1cd5662
                                                                                                    • Instruction Fuzzy Hash: 9FB012912586116C3284D3266C12E77019CC2C5F2A334C63AF801C1080E8C00C4C0332
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 0092F35B
                                                                                                      • Part of subcall function 00939814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00939829
                                                                                                      • Part of subcall function 00939814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00939891
                                                                                                      • Part of subcall function 00939814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009398A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 697777088-0
                                                                                                    • Opcode ID: 0b17fc55b2634ca7e53fd0b7c57a865e7bfe68bffd8485b6d93b5910987087e2
                                                                                                    • Instruction ID: 0822bf2f2049d0466120d6f4e99f3d26ead7380d867f86b9e9883da7543719af
                                                                                                    • Opcode Fuzzy Hash: 0b17fc55b2634ca7e53fd0b7c57a865e7bfe68bffd8485b6d93b5910987087e2
                                                                                                    • Instruction Fuzzy Hash: 5CB012D12585116D3284D3266D13E37019CC2C5F2A334C53AB901C1080F8C40C0D0332
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 009394E7
                                                                                                      • Part of subcall function 00939814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00939829
                                                                                                      • Part of subcall function 00939814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00939891
                                                                                                      • Part of subcall function 00939814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009398A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 697777088-0
                                                                                                    • Opcode ID: 1eee305f0351c2fa806cd303c0850139e812aa7069827826db9cc86e58dd3803
                                                                                                    • Instruction ID: 6288efe96980b6a740b6bc4b3a34b39a70e6499dbead02f39b7ddd3d17fddbde
                                                                                                    • Opcode Fuzzy Hash: 1eee305f0351c2fa806cd303c0850139e812aa7069827826db9cc86e58dd3803
                                                                                                    • Instruction Fuzzy Hash: EFB012852687117C3254A3262C5AE37010CD7C0F16730C62AB900E20C1A8C00C0D0733
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 009394E7
                                                                                                      • Part of subcall function 00939814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00939829
                                                                                                      • Part of subcall function 00939814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00939891
                                                                                                      • Part of subcall function 00939814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009398A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 697777088-0
                                                                                                    • Opcode ID: cbfa1742e7bab60f4e6a8c1da0a5f223d30e32f5f9a5162a2b5bb343189beb27
                                                                                                    • Instruction ID: 836a57828c567dc9a0efc1777800b2bf4613ab2ed3e22726d5264dd2e6c3e726
                                                                                                    • Opcode Fuzzy Hash: cbfa1742e7bab60f4e6a8c1da0a5f223d30e32f5f9a5162a2b5bb343189beb27
                                                                                                    • Instruction Fuzzy Hash: 78B012852696126C3294E3261C1BF37014CC7C4F16730C62ABD00C20C1E8C00C0D0732
                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 009394E7
                                                                                                      • Part of subcall function 00939814: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00939829
                                                                                                      • Part of subcall function 00939814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00939891
                                                                                                      • Part of subcall function 00939814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 009398A2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 697777088-0
                                                                                                    • Opcode ID: 20aa1f6e49246b18b0288346735a515c8e9771d3b90a29e007a859c502e91937
                                                                                                    • Instruction ID: 28ada30c266492aca5323b78fde5a7918855d0c1b1c5c6c4a268f9aa68eeb35c
                                                                                                    • Opcode Fuzzy Hash: 20aa1f6e49246b18b0288346735a515c8e9771d3b90a29e007a859c502e91937
                                                                                                    • Instruction Fuzzy Hash: ADB012C52687116C3294E3663E1BF37014CC7C0F16730862ABA01D30C1E8C40C0E0732
                                                                                                    APIs
                                                                                                    • lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,008F21B8,?,00000000,00000000,00000000,?,00908A22,00000000,00000000,00000000,00000000), ref: 008F14E4
                                                                                                      • Part of subcall function 008F3B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,008F21DC,000001C7,80004005,8007139F,?,?,0093015F,8007139F,?,00000000,00000000,8007139F), ref: 008F3B59
                                                                                                      • Part of subcall function 008F3B51: HeapSize.KERNEL32(00000000,?,008F21DC,000001C7,80004005,8007139F,?,?,0093015F,8007139F,?,00000000,00000000,8007139F), ref: 008F3B60
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.2546431316.00000000008F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008F0000, based on PE: true
                                                                                                    • Associated: 00000005.00000002.2546379684.00000000008F0000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546505296.000000000093B000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546567190.000000000095A000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                    • Associated: 00000005.00000002.2546604122.000000000095E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_8f0000_VC_redist.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$ProcessSizelstrlen
                                                                                                    • String ID:
                                                                                                    • API String ID: 3492610842-0
                                                                                                    • Opcode ID: bc4cfa20d0ca59177ed07538eb4de89fc3b3a21d34b496f945ad0df2c2992669
                                                                                                    • Instruction ID: 4e830fe3dc387cb3c2cd1254249527cb082de6de58c7a9c86df13634237ec64e
                                                                                                    • Opcode Fuzzy Hash: bc4cfa20d0ca59177ed07538eb4de89fc3b3a21d34b496f945ad0df2c2992669
                                                                                                    • Instruction Fuzzy Hash: 1501D23720022DEBCF215E74CC88EAA7796FB95764F214225FB25DB160D6319C509AA4